Vulnerability CVE-2013-2211

Vulnerability Name:

CVE-2013-2211 (CCN-85154)

Assigned:

2013-06-21

Published:

2013-06-21

Updated:

2014-12-12

Summary:

The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

7.4 High (CVSS v2 Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C)
5.4 Medium (Temporal CVSS v2 Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2013-2211

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0446

Source: CCN
Type: SA53900
Xen libxenlight XenStore Keys Insecure Permissions Security Issue

Source: SECUNIA
Type: UNKNOWN
55082

Source: GENTOO
Type: UNKNOWN
GLSA-201309-24

Source: DEBIAN
Type: UNKNOWN
DSA-3006

Source: CCN
Type: XSA-57
libxl allows guest write access to sensitive console related xenstore keys

Source: MLIST
Type: UNKNOWN
[oss-security] 20130625 Re: Xen Security Advisory 57 - libxl allows guest write access to sensitive console related xenstore keys

Source: MLIST
Type: UNKNOWN
[oss-security] 20130626 Xen Security Advisory 57 (CVE-2013-2211) - libxl allows guest write access to sensitive console related xenstore keys

Source: CCN
Type: BID-60721
libxenlight (libxl) Library For Xen Local Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
xen-xenstore-sec-bypass(85154)

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:4.2.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.2.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.2.2:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:xen:xen:4.1.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.3:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.4:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.1.5:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:xen:xen:4.0.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.0.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.0.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.0.3:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.0.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:55531	P	Security update for harfbuzz (Important)	2023-04-14
oval:org.opensuse.security:def:20132211	V	CVE-2013-2211	2022-09-02
oval:org.opensuse.security:def:33791	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:34682	P	Security update for the Linux Kernel (Important)	2022-01-14
oval:org.opensuse.security:def:29456	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:34004	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:33028	P	Security update for git (Low)	2021-10-20
oval:org.opensuse.security:def:33029	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:33730	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:33729	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:55246	P	Security update for openssl (Low)	2021-09-20
oval:org.opensuse.security:def:33706	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:33705	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:33960	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:55924	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:33936	P	Security update for ovmf (Important)	2021-06-24
oval:org.opensuse.security:def:32949	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:32950	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:32937	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:32939	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:32938	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:33666	P	Security update for apache2-mod_auth_openidc (Important)	2021-06-08
oval:org.opensuse.security:def:33667	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:34452	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:34451	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:29370	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:33897	P	Security update for libnettle (Important)	2021-04-28
oval:org.opensuse.security:def:34412	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:34411	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:33634	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:33773	P	Security update for perl-XML-Twig (Moderate)	2021-03-01
oval:org.opensuse.security:def:34642	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:33774	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:28940	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:28939	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:55843	P	Security update for python (Important)	2021-02-11
oval:org.opensuse.security:def:28927	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:28928	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:28929	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:29368	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:29367	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:29955	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:33617	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:33618	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:26245	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:54974	P	pam-modules on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29574	P	Security update for Apache2	2020-12-01
oval:org.opensuse.security:def:26234	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:33164	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29751	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26965	P	libproxy0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57274	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:26437	P	Security update for enigmail (Important)	2020-12-01
oval:org.opensuse.security:def:33403	P	Security update for Salt (Moderate)	2020-12-01
oval:org.opensuse.security:def:29662	P	Security update for CVS	2020-12-01
oval:org.opensuse.security:def:29008	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:33546	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:29854	P	Security update for Linux Kernel	2020-12-01
oval:org.opensuse.security:def:27647	P	Security update for libxml2	2020-12-01
oval:org.opensuse.security:def:29170	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:27504	P	libxcrypt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29724	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:54401	P	wireshark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29225	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:29911	P	Security update for libapr-util1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27739	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:30399	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:30593	P	Security update for openvpn	2020-12-01
oval:org.opensuse.security:def:33180	P	libsndfile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55080	P	cracklib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27841	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:27173	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33258	P	squid3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29575	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27162	P	kernel-default on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33394	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:27894	P	Security update for struts	2020-12-01
oval:org.opensuse.security:def:27365	P	Xerces-c on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33404	P	Security update for zeromq (Important)	2020-12-01
oval:org.opensuse.security:def:29663	P	Security update for cvs (Moderate)	2020-12-01
oval:org.opensuse.security:def:29009	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:26659	P	NetworkManager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55731	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:28576	P	Security update for libotr	2020-12-01
oval:org.opensuse.security:def:54423	P	at on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29282	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:29725	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:29226	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:26863	P	apache2-mod_jk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54801	P	gtk2-data on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29520	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:30400	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:26233	P	Security update for python-reportlab (Important)	2020-12-01
oval:org.opensuse.security:def:29598	P	Security update for audiofile (Moderate)	2020-12-01
oval:org.opensuse.security:def:26951	P	libgnomesu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57200	P	Security update for compat-openssl097g	2020-12-01
oval:org.opensuse.security:def:26309	P	Security update for haproxy (Important)	2020-12-01
oval:org.opensuse.security:def:33315	P	openssh-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29623	P	Security update for bsdtar (Moderate)	2020-12-01
oval:org.opensuse.security:def:33489	P	Security update for libsndfile	2020-12-01
oval:org.opensuse.security:def:29805	P	Security update for ipsec-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:27009	P	pcsc-ccid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26518	P	OpenEXR on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33560	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29680	P	Security update for ecryptfs-utils	2020-12-01
oval:org.opensuse.security:def:29158	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:29139	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29893	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:27682	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:29239	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:27588	P	xorg-x11-libXv-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30362	P	Security update for wireshark	2020-12-01
oval:org.opensuse.security:def:29283	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:33848	P	Security update for hplip	2020-12-01
oval:org.opensuse.security:def:33169	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27792	P	Security update for libgcrypt	2020-12-01
oval:org.opensuse.security:def:33168	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33163	P	libmysql55client18-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29521	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:30630	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:27161	P	kdirstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33259	P	squidGuard on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27880	P	Security update for rubygem-activesupport-3_2	2020-12-01
oval:org.opensuse.security:def:27237	P	mailman on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33316	P	openvpn-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29624	P	Security update for Mono	2020-12-01
oval:org.opensuse.security:def:26575	P	krb5-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55639	P	Security update for strongswan (Important)	2020-12-01
oval:org.opensuse.security:def:27938	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29159	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:27447	P	libgcrypt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33561	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29681	P	Security update for ecryptfs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:54400	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29140	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26810	P	pure-ftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55805	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:28611	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:54563	P	libjson-c2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30363	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:29513	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26912	P	gtk2 on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:26366	P	DSA-3006-1 xen - security update	2014-10-27
oval:org.mitre.oval:def:25115	P	SUSE-SU-2014:0446-1 -- Security update for Xen	2014-09-08
oval:org.mitre.oval:def:25878	P	SUSE-SU-2013:1314-1 -- Security update for Xen	2014-09-08
oval:org.opensuse.security:def:79908	P	Security update for Xen	2013-10-29
oval:com.ubuntu.precise:def:20132211000	V	CVE-2013-2211 on Ubuntu 12.04 LTS (precise) - medium.	2013-08-28

BACK