>> Xen "flask_op" Hypercall Local Buffer Overflow Vulnerability
Title : Xen "flask_op" Hypercall Local Buffer Overflow Vulnerability VUPEN ID : VUPEN/ADV-2008-2426 CVE ID : CVE-2008-3687 CWE ID : CWE-119
Rated as : Moderate Risk
Remotely Exploitable : No Locally Exploitable : Yes Release Date : 2008-08-25
Technical Description
A vulnerability has been identified in Xen, which could be exploited by local attackers to cause a denial of service or gain elevated privileges. This issue is caused by a buffer overflow error when processing specially crafted arguments passed to the "flask_op" hypercall of the "XSM:Flask" module , which could allow malicious domain users (domU) to crash an affected system or execute arbitrary code with elevated privileges.
