Linux Foundation Xen up to 4.3.0 I/O Instruction Emulator information disclosure
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.2 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Linux Foundation Xen and classified as problematic. Impacted is an unknown function of the component I/O Instruction Emulator. Such manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2013-4355. No exploit exists. It is advisable to implement a patch to correct this issue.
Details
A vulnerability, which was classified as problematic, has been found in Linux Foundation Xen (Virtualization Software). Affected by this issue is an unknown code of the component I/O Instruction Emulator. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. CVE summarizes:
Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory.The advisory summarizes:
Xen 3.2.x and later are vulnerable. Xen 3.1.x and earlier have not been inspected.
The weakness was disclosed 09/30/2013 with Coverity Scan Project as XSA-63 as confirmed mailinglist post (oss-sec). The advisory is shared for download at seclists.org. The public release has been coordinated in cooperation with the vendor. This vulnerability is handled as CVE-2013-4355 since 06/12/2013. The attack needs to be approached locally. A simple authentication is needed for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.
The vulnerability scanner Nessus provides a plugin with the ID 71305 (Scientific Linux Security Update : kernel on SL5.x i386/x86_64), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Scientific Linux Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 370045 (Citrix XenServer Security Update (CTX139295)).
Applying the patch xsa63.patch is able to eliminate this problem. It is possible to mitigate the problem by applying the configuration setting PV Guests only. The best possible mitigation is suggested to be patching the affected component. A possible mitigation has been published immediately after the disclosure of the vulnerability. The mailinglist post contains the following remark:
Running only PV guests will avoid this issue.
The vulnerability is also documented in the databases at X-Force (87565), Tenable (71305), SecurityFocus (BID 62708†), OSVDB (97955†) and Secunia (SA54838†). openwall.com is providing further details. The entries VDB-10531 and VDB-10668 are pretty similar. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
- 3.0.2
- 3.0.3
- 3.0.4
- 3.1.3
- 3.1.4
- 3.2.0
- 3.2.1
- 3.2.2
- 3.2.3
- 3.3.0
- 3.3.1
- 3.3.2
- 3.4.0
- 3.4.1
- 3.4.2
- 3.4.3
- 3.4.4
- 4.0.0
- 4.0.1
- 4.0.2
- 4.0.3
- 4.0.4
- 4.1.0
- 4.1.1
- 4.1.2
- 4.1.3
- 4.1.4
- 4.1.5
- 4.2.0
- 4.2.1
- 4.2.2
- 4.2.3
- 4.3.0
License
Website
- Vendor: https://www.linuxfoundation.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.3VulDB Meta Temp Score: 3.2
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 71305
Nessus Name: Scientific Linux Security Update : kernel on SL5.x i386/x86_64
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 881835
OpenVAS Name: CentOS Update for kernel CESA-2013:1790 centos5
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: xsa63.patch
Config: PV Guests only
Timeline
06/12/2013 🔍09/30/2013 🔍
09/30/2013 🔍
09/30/2013 🔍
09/30/2013 🔍
10/01/2013 🔍
10/01/2013 🔍
10/03/2013 🔍
12/10/2013 🔍
12/15/2013 🔍
05/26/2021 🔍
Sources
Vendor: linuxfoundation.orgAdvisory: XSA-63
Organization: Coverity Scan Project
Status: Confirmed
Coordinated: 🔍
CVE: CVE-2013-4355 (🔍)
GCVE (CVE): GCVE-0-2013-4355
GCVE (VulDB): GCVE-100-10532
OVAL: 🔍
X-Force: 87565
SecurityFocus: 62708
Secunia: 54838 - Xen HVM Guest Hypervisor Stack Data Disclosure Weakness, Not Critical
OSVDB: 97955
Vulnerability Center: 42557 - XenSource Xen Before 4.3 and Citrix XenServer Up Until 6.2 Local Leakage of Sensitive Information (CVE-2013-4355), Low
Misc.: 🔍
See also: 🔍
Entry
Created: 10/03/2013 11:52Updated: 05/26/2021 07:02
Changes: 10/03/2013 11:52 (53), 05/17/2017 08:52 (34), 05/26/2021 06:48 (4), 05/26/2021 07:02 (1)
Complete: 🔍
Cache ID: 216:E70:103
No comments yet. Languages: en.
Please log in to comment.