Detections
Analytics

Citrix XenServer Multiple Vulnerabilities (CTX216071)

medium Nessus Plugin ID 93608

Language:

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities :

 - A flaw exists due to improper handling of pagetable walks that contain recursive L3 pagetable entries. An attacker on the guest can exploit this to gain elevated privileges. (CVE-2016-7092)

 - A flaw exists due to improper handling of instruction pointer truncation when emulating HVM instructions. An attacker on the guest can exploit this to gain elevated privileges. (CVE-2016-7093)

 - An overflow condition exists in the x86 HVM guests due to improper handling of writing to pagetables, specifically when the guest is running shadow paging using a subset of the x86 emulator. An attacker on the guest can exploit this to cause a denial of service condition on the host. (CVE-2016-7094)

 - A use-after-free error exists when calling the EVTCHNOP_init_control operation with a bad guest frame number. An attacker on the guest can exploit this, by freeing a control structure without also clearing the corresponding pointer, to crash the host or potentially gain elevated privileges. (CVE-2016-7154)

Solution

Apply the appropriate hotfix according to the vendor advisory.

See Also

https://support.citrix.com/article/CTX216071

Plugin Details

Severity: Medium

ID: 93608

File Name: citrix_xenserver_CTX216071.nasl

Version: 1.12

Type: local

Family: Misc.

Published: 9/20/2016

Updated: 11/14/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-7154

CVSS v3

Risk Factor: Medium

Base Score: 6.7

Temporal Score: 5.8

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:citrix:xenserver

Required KB Items: Host/local_checks_enabled, Host/XenServer/version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/8/2016

Vulnerability Publication Date: 9/8/2016

Reference Information

CVE: CVE-2016-7092, CVE-2016-7093, CVE-2016-7094, CVE-2016-7154

BID: 92862, 92863, 92864, 92865