ID CVE-2011-3262
Summary tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."
References
Vulnerable Configurations
  • cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:4.1.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 29-08-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 696927
title CVE-2011-1583 CVE-2011-3262 xen: insufficiencies in pv kernel image validation
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment xen is earlier than 0:3.0.3-120.el5_6.2
        oval oval:com.redhat.rhsa:tst:20110496002
      • comment xen is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070114003
    • AND
      • comment xen-devel is earlier than 0:3.0.3-120.el5_6.2
        oval oval:com.redhat.rhsa:tst:20110496004
      • comment xen-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070114007
    • AND
      • comment xen-libs is earlier than 0:3.0.3-120.el5_6.2
        oval oval:com.redhat.rhsa:tst:20110496006
      • comment xen-libs is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070114005
rhsa
id RHSA-2011:0496
released 2011-05-09
severity Important
title RHSA-2011:0496: xen security update (Important)
rpms
  • xen-0:3.0.3-120.el5_6.2
  • xen-devel-0:3.0.3-120.el5_6.2
  • xen-libs-0:3.0.3-120.el5_6.2
refmap via4
gentoo GLSA-201309-24
mlist
  • [Xen-devel] 20110509 Re: Xen security advisory CVE-2011-1583 - pv kernel image validation
  • [Xen-devel] 20110509 Xen security advisory CVE-2011-1583 - pv kernel image validation
secunia 55082
xf xen-xcdombzimageloader-dos(69381)
Last major update 29-08-2017 - 01:30
Published 19-08-2011 - 20:55