製品・ソフトウェアに関する情報

JVN脆弱性詳細

Xen の PV ドメインビルダーにおけるサービス運用妨害 (DoS) の脆弱性

Title	Xen の PV ドメインビルダーにおけるサービス運用妨害 (DoS) の脆弱性
Summary	Xen の PV ドメインビルダーは、カーネル、または RAMディスクの (1) 展開前または (2) 展開後のサイズを確認しないため、サービス運用妨害 (ドメイン 0 のメモリ消費) 状態となる脆弱性が存在します。
Possible impacts	ローカルのゲスト管理者により、巧妙に細工された (a) カーネル、または (b) RAM ディスクを介して、サービス運用妨害 (ドメイン 0 のメモリ消費) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 31, 2012, midnight
Registration Date	Nov. 2, 2012, 1:52 p.m.
Last Update	Nov. 2, 2012, 1:52 p.m.

CVSS2.0 : 注意
Score	2.1
Vector	AV:L/AC:L/Au:N/C:N/I:N/A:P

Affected System

シトリックス・システムズ

Xen 4.2 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-4544	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544
National Vulnerability Database (NVD)
2	CVE-2012-4544	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4544

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Xen
1	Top Page	http://www.xen.org/
2	[Xen-users] Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk	http://xen.markmail.org/message/uh5q3kqjawmbkv37?q=CVE-2012-4544

Change Log

No	Changed Details	Date of change
0	[2012年11月02日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-4544

Summary	The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
Publication Date	Nov. 1, 2012, 1:55 a.m.
Registration Date	Jan. 28, 2021, 3:03 p.m.
Last Update	Nov. 21, 2024, 10:43 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:xen:xen:4.1.2:::::::*
cpe:2.3:o:xen:xen:4.1.1:::::::*
cpe:2.3:o:xen:xen:4.1.0:::::::*
cpe:2.3:o:xen:xen:4.1.3:::::::*
cpe:2.3:o:xen:xen::::::::		4.2.0

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html
2	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html
3	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html
4	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html
5	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html
6	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html
7	http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
8	http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
9	http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html
10	http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html
11	http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
12	http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
13	http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
14	http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
15	http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
16	http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
17	http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
18	http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
19	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
20	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
21	http://osvdb.org/86619
22	http://osvdb.org/86619
23	http://rhn.redhat.com/errata/RHSA-2013-0241.html
24	http://rhn.redhat.com/errata/RHSA-2013-0241.html
25	http://secunia.com/advisories/51071	Vendor Advisory
26	http://secunia.com/advisories/51071	Vendor Advisory
27	http://secunia.com/advisories/51324
28	http://secunia.com/advisories/51324
29	http://secunia.com/advisories/51352
30	http://secunia.com/advisories/51352
31	http://secunia.com/advisories/51413
32	http://secunia.com/advisories/51413
33	http://www.debian.org/security/2013/dsa-2636
34	http://www.debian.org/security/2013/dsa-2636
35	http://www.openwall.com/lists/oss-security/2012/10/26/3
36	http://www.openwall.com/lists/oss-security/2012/10/26/3
37	http://www.securityfocus.com/bid/56289
38	http://www.securityfocus.com/bid/56289
39	http://www.securitytracker.com/id?1027699
40	http://www.securitytracker.com/id?1027699
41	https://exchange.xforce.ibmcloud.com/vulnerabilities/79617
42	https://exchange.xforce.ibmcloud.com/vulnerabilities/79617

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html