CVE-2014-3969

Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.

CVSS v2.0 7.4 HIGH

7.4^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 4.4 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/58975	Permissions Required
http://www.openwall.com/lists/oss-security/2014/06/04/14	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/67819	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030333	Third Party Advisory VDB Entry
http://xenbits.xen.org/xsa/advisory-98.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:xen:xen:4.4.0:::::::*
	cpe:2.3:o:xen:xen:4.4.0:rc1::::::

History

No history.

Information

Published : 2014-06-05 20:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-3969

Mitre link : CVE-2014-3969

CVE.ORG link : CVE-2014-3969

JSON object : View

Products Affected

xen

xen

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-3969", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.4, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 4.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-06-05T20:55:06.657", "references": [{"url": "http://secunia.com/advisories/58975", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2014/06/04/14", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/67819", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1030333", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://xenbits.xen.org/xsa/advisory-98.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors."}, {"lang": "es", "value": "Xen 4.4.x, cuando funciona en un sistema ARM, no comprueba debidamente permisos de escritura en direcciones virtuales, lo que permite a administradores locales invitados ganar privilegios a trav\u00e9s de vectores no especificados."}], "lastModified": "2018-10-30T16:26:53.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D"}, {"criteria": "cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF23B21B-594A-42E2-AF90-D5C4246B39A4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}