certfr_avis - CERTA-2013-AVI-131

CERTA-2013-AVI-131

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Xen . Elle permet à un attaquant de provoquer un déni de service à distance, un déni de service et une atteinte à la confidentialité des données. Elle concerne le composant oxenstored.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	XEN	Xen	Xen version 4.1
	XEN	Xen	Xen version 4.2

References

Title

Publication Time

Tags

Bulletin de sécurité Xen XSA-38 du 15 février 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Xen version 4.1",
      "product": {
        "name": "Xen",
        "vendor": {
          "name": "XEN",
          "scada": false
        }
      }
    },
    {
      "description": "Xen version 4.2",
      "product": {
        "name": "Xen",
        "vendor": {
          "name": "XEN",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0215"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-131",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-02-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eXen\u003c/span\u003e .\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nun d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\nElle concerne le composant \u003cspan class=\"textit\"\u003eoxenstored\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Xen oxenstored",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-38 du 15 f\u00e9vrier 2013",
      "url": "http://lists.xen.org/archives/html/xen-announce/2013-02/msg00005.html"
    }
  ]
}

CVE-2013-0215 (GCVE-0-2013-0215)

Vulnerability from cvelistv5 – Published: 2013-03-07 02:00 – Updated: 2024-08-06 14:18

Summary

oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/55082	third-party-advisoryx_refsource_SECUNIA
	http://xenbits.xen.org/gitweb/?p=xen.git%3Ba=comm…	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201309-24.xml	vendor-advisoryx_refsource_GENTOO
	http://openwall.com/lists/oss-security/2013/02/05/10	mailing-listx_refsource_MLIST
	http://xenbits.xen.org/gitweb/?p=xen.git%3Ba=comm…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.349Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "55082",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55082"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/gitweb/?p=xen.git%3Ba=commit%3Bh=40f9c5e0a6d15b4ca1f6d4ed3a46f0871520eab5"
          },
          {
            "name": "GLSA-201309-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
          },
          {
            "name": "[oss-security] 20130205 Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/02/05/10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/gitweb/?p=xen.git%3Ba=commit%3Bh=61401264eb00fae4ee4efc8e9a5067449283207b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-11T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "55082",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55082"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/gitweb/?p=xen.git%3Ba=commit%3Bh=40f9c5e0a6d15b4ca1f6d4ed3a46f0871520eab5"
        },
        {
          "name": "GLSA-201309-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
        },
        {
          "name": "[oss-security] 20130205 Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/02/05/10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/gitweb/?p=xen.git%3Ba=commit%3Bh=61401264eb00fae4ee4efc8e9a5067449283207b"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0215",
    "datePublished": "2013-03-07T02:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.349Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTA-2013-AVI-131

Solution

CVE-2013-0215 (GCVE-0-2013-0215)

Tags

Sightings

Nomenclature