openSUSE Security Update : xen (xen-1239)

High Nessus Plugin ID 40844


The remote openSUSE host is missing a security update.


xend did not properly enforce access control on the xenstore directory tree, allowing guest VMs to write to it. This could lead to security problems if other applications, such as libvirt, are not prepared for untrusted data in the xenstore directory (CVE-2008-4405).


Update the affected xen packages.

Plugin Details

Severity: High

ID: 40844

File Name: suse_11_0_xen-090821.nasl

Version: $Revision: 1.6 $

Type: local

Agent: unix

Published: 2009/09/02

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-doc-pdf, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-domU, cpe:/o:novell:opensuse:11.0

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2009/08/21

Reference Information

CVE: CVE-2008-4405

CWE: 264