CVE-2013-2211
Xen 4.0.x-4.2.x - Unauthenticated Xenstore Key Permission Weakness
The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.
References (6)
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/55082
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/06/26/4
Third Party Advisory (vendor-advisory, x_refsource_gentoo): http://security.gentoo.org/glsa/glsa-201309-24.xml
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/06/25/1
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2014/dsa-3006
Scores
EPSS: 0.0023
EPSS Percentile: 46.0%
Details
CWE: CWE-264
Status: published
Products (14)
xen/xen 4.2.0
xen/xen 4.2.1
xen/xen 4.2.2
xen/xen 4.1.0
xen/xen 4.1.1
xen/xen 4.1.2
xen/xen 4.1.3
xen/xen 4.1.4
xen/xen 4.1.5
xen/xen 4.0.0
... and 4 more
Published: Aug 28, 2013
Tracked Since: Feb 18, 2026