Info

Disclosure

Jun 12, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 12, 2012

Description

Xen contains a flaw that may allow a local denial of service. The issue is triggered by a non-canonical boundary sequential error, and will result in loss of availability for the system.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Citrix Systems, Inc.	Xen	3.4
		4.0
		4.1

References

Security Tracker: 1027168
CVE ID: 2012-2934 (see also: NVD)
Secunia Advisory ID: 49381 49500 49540 49570 49861 49998 51413
Related OSVDB ID: 82934 82943
Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
http://lists.opensuse.org/opensuse-updates/2012-07/msg00035.html
http://wiki.openvz.org/Download/kernel/rhel5/028stab101.1
http://www.debian.org/security/2012/dsa-2501
Vendor Specific Advisory URL: http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
http://support.amd.com/us/Processor_TechDocs/25759.pdf
RedHat RHSA: RHSA-2012:0721

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/82933

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Citrix Systems, Inc.

Xen

References

Credit