| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, was found in Linux Foundation Xen up to 4.2.2. This affects an unknown part of the component Access Control Handler. The manipulation results in access control. This vulnerability is reported as CVE-2013-1919. No exploit exists. Applying a patch is advised to resolve this issue.
Details
A vulnerability, which was classified as critical, was found in Linux Foundation Xen up to 4.2.2 (Virtualization Software). Affected is some unknown functionality of the component Access Control Handler. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-264. This is going to have an impact on availability. CVE summarizes:
Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices."
The weakness was disclosed 04/18/2013 as not defined mailinglist post (oss-sec). The advisory is shared for download at openwall.com. This vulnerability is traded as CVE-2013-1919 since 02/19/2013. It is possible to launch the attack remotely. A authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068.
The vulnerability scanner Nessus provides a plugin with the ID 66028 (Debian DSA-2662-1 : xen - several vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 370044 (Citrix XenServer Security Update (CTX137657)).
Applying the patch xsa46 is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (83645), Tenable (66028), SecurityFocus (BID 59292†), OSVDB (92563†) and Secunia (SA53031†). The entries VDB-8474, VDB-8599 and VDB-8600 are pretty similar. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.linuxfoundation.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.2
VulDB Base Score: 6.5
VulDB Temp Score: 6.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 66028
Nessus Name: Debian DSA-2662-1 : xen - several vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 892662
OpenVAS Name: Debian Security Advisory DSA 2662-1 (xen - several vulnerabilities
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: xsa46
Timeline
02/19/2013 🔍04/18/2013 🔍
04/18/2013 🔍
04/18/2013 🔍
04/18/2013 🔍
04/22/2013 🔍
04/23/2013 🔍
05/13/2013 🔍
05/21/2013 🔍
05/10/2021 🔍
Sources
Vendor: linuxfoundation.orgAdvisory: openwall.com
Status: Not defined
CVE: CVE-2013-1919 (🔍)
GCVE (CVE): GCVE-0-2013-1919
GCVE (VulDB): GCVE-100-8472
OVAL: 🔍
IAVM: 🔍
X-Force: 83645
SecurityFocus: 59292 - Xen CVE-2013-1919 Multiple Denial of Service Vulnerabilities
Secunia: 53031 - Debian update for xen, Less Critical
OSVDB: 92563
Vulnerability Center: 39671 - Xen 4.2.x and 4.1.x IRQs Local DoS Vulnerability via Vectors Related to \, Low
See also: 🔍
Entry
Created: 04/23/2013 10:51Updated: 05/10/2021 08:13
Changes: 04/23/2013 10:51 (80), 04/30/2017 10:41 (4), 05/10/2021 08:13 (3)
Complete: 🔍
Committer: olku
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.