CVE-2013-2211

NameCVE-2013-2211
DescriptionThe libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-3006-1
NVD severityhigh (attack range: remote)
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)squeeze (security), squeeze4.0.1-5.11fixed
wheezy4.1.4-3+deb7u3fixed
wheezy (security)4.1.4-3+deb7u4fixed
jessie, sid4.4.1-6fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensource(unstable)4.3.0-1high
xensourcesqueeze(not affected)
xensourcewheezy4.1.4-3+deb7u2highDSA-3006-1

Notes

[squeeze] - xen <not-affected> (libxl not packaged in squeeze)

Search for package or bug name: Reporting problems