CVE-2008-5716

Name: CVE-2008-5716

Description: xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| xen-3 | source | (unstable) | (not affected) | | | |
| xen-unstable | source | (unstable) | (not affected) | | | |

Notes

- xen-3 <not-affected> (Vulnerable code never entered Debian)
- xen-unstable <not-affected> (Vulnerable code never entered Debian)
- This issue was introduced by the fix for CVE-2008-4405, which has not yet been fixed in Debian
