CVE-2008-4405

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4405. PoCs published by Pascal Bouchareine.

AI-analyzed exploit summary This exploit demonstrates a vulnerability in Xen where guest domains can write arbitrary configuration data to the Xenstore, potentially leading to information disclosure or manipulation of system behavior. The provided command writes a malicious path to the guest domain's console configuration.

Description

xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pascal Bouchareine · textlocallinux

https://www.exploit-db.com/exploits/32446

View Code ZIP pw:eip

This exploit demonstrates a vulnerability in Xen where guest domains can write arbitrary configuration data to the Xenstore, potentially leading to information disclosure or manipulation of system behavior. The provided command writes a malicious path to the guest domain's console configuration.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Xen 3.3

Auth required

Prerequisites: Access to a guest domain in a Xen environment · Ability to execute xenstore-write commands

MITRE ATT&CK