The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.
http://security.gentoo.org/glsa/glsa-201407-03.xml
Source: MITRE
Published: 2013-10-17
Updated: 2017-08-29
Type: NVD-CWE-Other
Base Score: 1.9
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 3.4
Severity: LOW
OR
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
83602 | SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2013:1774-1) | Nessus | SuSE Local Security Checks | high |
76544 | GLSA-201407-03 : Xen: Multiple Vunlerabilities | Nessus | Gentoo Local Security Checks | high |
74865 | openSUSE Security Update : xen (openSUSE-SU-2013:1953-1) | Nessus | SuSE Local Security Checks | medium |
70969 | SuSE 11.2 / 11.3 Security Update : Xen (SAT Patch Numbers 8478 / 8479) | Nessus | SuSE Local Security Checks | high |
70550 | Fedora 18 : xen-4.2.3-4.fc18 (2013-19053) | Nessus | Fedora Local Security Checks | medium |
70549 | Fedora 19 : xen-4.2.3-4.fc19 (2013-19048) | Nessus | Fedora Local Security Checks | medium |