VulDB: Citrix Xen up to 4.1.2 denial of service [CVE-2012-3432]
General

scipID: 5876
Affected: Citrix Xen up to 4.1.2
Published: 07/26/2012
Risk: problematic
Entry: 83.6% complete
Created: 08/08/2012
Updated: 09/03/2012
Summary
A vulnerability classified as problematic has been found in Citrix Xen up to 4.1.2. It affects an unknown function. Manipulation with an unknown input leads to a denial of service. The impact is on availability.
The weakness was disclosed on 07/26/2012 as Xen Security Advisory 10 (website). The advisory is available for download at openwall.com. The vulnerability has been tracked as CVE-2012-3432 since 06/14/2012. The attack requires local access. No form of authentication is required for exploitation. Neither technical details nor an exploit are publicly available.
Patching the affected component is the recommended mitigation. A mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (84241) and Secunia (SA49789).
CVSS
Base Score: 4.7 (CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | Medium | None | None | None | Complete |
Exploiting
Class: Denial of service
Local: Yes
Remote: No
Availability: No
Countermeasures
Recommended: Patch
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Timeline
06/14/2012 | CVE assigned
07/26/2012 | Advisory disclosed
07/26/2012 | Countermeasure disclosed
07/28/2012 | OSVDB entry created
08/08/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: Xen Security Advisory 10
OSVDB: 84241
CVE: CVE-2012-3432 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49789