Detections
Analytics
Xen Multiple Vulnerabilities (XSA-186, XSA-187)
high Nessus Plugin ID 93802
Language:
Synopsis
The remote Xen hypervisor installation is missing a security update.Description
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities :- A flaw exists due to improper handling of instruction pointer truncation when emulating HVM instructions. An attacker on the guest can exploit this to gain elevated privileges on the host. (CVE-2016-7093)
- An overflow condition exists due to x86 HVM guests running with shadow paging using a subset of the x86 emulator to handle the guest writing to pagetables. An attacker on the guest can exploit this to cause a denial of service condition on the host. (CVE-2016-7094)
Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.
Solution
Apply the appropriate patch according to the vendor advisory.See Also
https://xenbits.xen.org/xsa/advisory-186.html
Plugin Details
Severity: High
ID: 93802
File Name: xen_server_XSA-187.nasl
Version: 1.8
Type: local
Family: Misc.
Published: 9/29/2016
Updated: 7/10/2020
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.2
Temporal Score: 7.1
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:xen:xen
Required KB Items: Settings/ParanoidReport, installed_sw/Xen Hypervisor
Exploit Ease: No known exploits are available
Patch Publication Date: 9/8/2016
Vulnerability Publication Date: 9/8/2016
Reference Information
CVE: CVE-2016-7093, CVE-2016-7094
IAVB: 2016-B-0140-S