ID CVE-2011-3262
Summary tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."
References
Vulnerable Configurations
  • cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:4.1.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 29-08-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 696927
title CVE-2011-1583 CVE-2011-3262 xen: insufficiencies in pv kernel image validation
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment xen is earlier than 0:3.0.3-120.el5_6.2
          oval oval:com.redhat.rhsa:tst:20110496001
        • comment xen is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070114002
      • AND
        • comment xen-devel is earlier than 0:3.0.3-120.el5_6.2
          oval oval:com.redhat.rhsa:tst:20110496003
        • comment xen-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070114004
      • AND
        • comment xen-libs is earlier than 0:3.0.3-120.el5_6.2
          oval oval:com.redhat.rhsa:tst:20110496005
        • comment xen-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070114006
rhsa
id RHSA-2011:0496
released 2011-05-09
severity Important
title RHSA-2011:0496: xen security update (Important)
rpms
  • xen-0:3.0.3-120.el5_6.2
  • xen-debuginfo-0:3.0.3-120.el5_6.2
  • xen-devel-0:3.0.3-120.el5_6.2
  • xen-libs-0:3.0.3-120.el5_6.2
refmap via4
gentoo GLSA-201309-24
mlist
  • [Xen-devel] 20110509 Re: Xen security advisory CVE-2011-1583 - pv kernel image validation
  • [Xen-devel] 20110509 Xen security advisory CVE-2011-1583 - pv kernel image validation
secunia 55082
xf xen-xcdombzimageloader-dos(69381)
Last major update 29-08-2017 - 01:30
Published 19-08-2011 - 20:55
Last modified 29-08-2017 - 01:30