Executive Summary

Informations
NameCVE-2010-3699First vendor Publication2010-12-08
VendorCveLast vendor Modification2018-10-10

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:L/Au:S/C:N/I:N/A:P)
Cvss Base Score2.7Attack RangeAdjacent network
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score5.1AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3699

CWE : Common Weakness Enumeration

%idName
100 %CWE-399Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20490
 
Oval ID: oval:org.mitre.oval:def:20490
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3699
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application16

OpenVAS Exploits

DateDescription
2012-07-30Name : CentOS Update for kernel CESA-2011:0004 centos5 x86_64
File : nvt/gb_CESA-2011_0004_kernel_centos5_x86_64.nasl
2012-03-16Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX...
File : nvt/gb_VMSA-2011-0012.nasl
2011-09-23Name : RedHat Update for kernel RHSA-2011:1321-01
File : nvt/gb_RHSA-2011_1321-01_kernel.nasl
2011-08-09Name : CentOS Update for kernel CESA-2011:0004 centos5 i386
File : nvt/gb_CESA-2011_0004_kernel_centos5_i386.nasl
2011-05-06Name : SuSE Update for kernel SUSE-SA:2011:020
File : nvt/gb_suse_2011_020.nasl
2011-04-22Name : SuSE Update for kernel SUSE-SA:2011:017
File : nvt/gb_suse_2011_017.nasl
2011-03-07Name : Debian Security Advisory DSA 2153-1 (linux-2.6)
File : nvt/deb_2153_1.nasl
2011-02-28Name : Ubuntu Update for linux vulnerabilities USN-1072-1
File : nvt/gb_ubuntu_USN_1072_1.nasl
2011-01-11Name : RedHat Update for kernel RHSA-2011:0004-01
File : nvt/gb_RHSA-2011_0004-01_kernel.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
69469Xen Backend Drivers Kernel Thread Reference Leak DoS

Information Assurance Vulnerability Management (IAVM)

DateDescription
2011-10-27IAVM : 2011-A-0147 - Multiple Vulnerabilities in VMware ESX and ESXi
Severity : Category I - VMSKEY : V0030545

Nessus® Vulnerability Scanner

DateDescription
2016-03-04Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0012_remote.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_kernel-110414.nasl - Type : ACT_GATHER_INFO
2013-11-13Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_0_build_515841_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0004.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1321.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110104_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-05-17Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7304.nasl - Type : ACT_GATHER_INFO
2011-10-14Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0012.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-110413.nasl - Type : ACT_GATHER_INFO
2011-03-09Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-110228.nasl - Type : ACT_GATHER_INFO
2011-03-01Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1072-1.nasl - Type : ACT_GATHER_INFO
2011-01-31Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2153.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7303.nasl - Type : ACT_GATHER_INFO
2011-01-07Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0004.nasl - Type : ACT_GATHER_INFO
2011-01-05Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0004.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/45039
BUGTRAQ http://www.securityfocus.com/archive/1/520102/100/0/threaded
CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b
REDHAT http://www.redhat.com/support/errata/RHSA-2011-0004.html
SECTRACK http://www.securitytracker.com/id?1024786
SUSE http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html
VUPEN http://www.vupen.com/english/advisories/2011/0024
http://www.vupen.com/english/advisories/2011/0213

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
DateInformations
2018-10-11 00:19:58
  • Multiple Updates
2016-04-26 20:08:48
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2014-06-14 13:29:27
  • Multiple Updates
2014-02-17 10:57:48
  • Multiple Updates
2013-11-11 12:38:59
  • Multiple Updates
2013-05-10 23:34:07
  • Multiple Updates