PT-2015-6126 · Xen+1 · Xen+1

Donghai Zhu · Published 2015-07-16 · Updated 2024-06-15 · CVE-2015-3259

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Xen versions 4.1.x through 4.5.x

Description

A stack-based buffer overflow issue exists in the xl command line utility. This allows local guest administrators to potentially gain privileges by providing a long configuration argument.

Recommendations

For Xen versions 4.1.x through 4.5.x, consider restricting access to the xl command line utility until a patch is available. As a temporary workaround, avoid using long configuration arguments with the xl utility to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

CVE-2015-3259
DSA-3414-1
MGASA-2016-0098
OPENSUSE-SU-2015_2003-1
OPENSUSE-SU-2024:10196-1
SUSE-SU-2015:1299-1
SUSE-SU-2015:1302-1
SUSE-SU-2015:1479-1
SUSE-SU-2015:1479-2
SUSE-SU-2015:2324-1
SUSE-SU-2015_1299-1
SUSE-SU-2015_1302-1
SUSE-SU-2015_2324-1

Affected Products

Suse
Xen