Main Vulnerability Database SB2013062606

SB2013062606 - Permissions, Privileges, and Access Controls in xen (Alpine package)

Published: June 26, 2013

Security Bulletin ID SB2013062606

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-2211)

The vulnerability allows a remote #AU# to execute arbitrary code.

The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=386d947eaf640de1a5515087a2b65d5960e5624b
https://git.alpinelinux.org/aports/commit/?id=638e4f7ceb5b5a8b9f9c7c3206fcd9e7c39d2bee
https://git.alpinelinux.org/aports/commit/?id=c78cd179455d0b332fcc2d9cbe05cf71876ec239