openSUSE Security Update : xen (xen-1239)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

xend did not properly enforce access control of the xenstore directory
tree, therefore allowing guest VM's to write there. This could lead to
security problems if other applications such as libvirt are not
prepared for untrusted data in the xenstore directory (CVE-2008-4405).

See also :

https://bugzilla.novell.com/show_bug.cgi?id=432485

Solution :

Update the affected xen packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 40844 ()

Bugtraq ID:

CVE ID: CVE-2008-4405

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now