PT-2019-6508 · Xen · Dtc-Xen
Thomas Goirand +1 · Published 2019-11-09 · Updated 2019-11-12 · CVE-2009-4011
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
dtc-xen versions 0.5.x before 0.5.4
Description
The issue is related to a race condition that could allow an attacker to gain bash access as the xenXX user on the dom0, potentially reusing an already opened VPS console.
Recommendations
For dtc-xen versions 0.5.x before 0.5.4, update to version 0.5.4 or later to resolve the issue.
Fix
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
Dtc-Xen