Citrix XenServer Multiple Vulnerabilities (CTX219378)

low Nessus Plugin ID 96778

Synopsis

A server virtualization platform installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Citrix XenServer installed on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities :

- A flaw exists in x86 instruction CMPXCHG8B due to legacy operand size overrides not being properly ignored when handling prefixes. A guest attacker can exploit this to disclose potentially sensitive information on the host system. Note that the ability to read a small amount of hypervisor memory is restricted to privileged-mode code in all guests except on Citrix XenServer 6.2 SP1 and 6.0.2CC, where the attack may also be performed from non-privileged-mode code in HVM guest VMs.
(CVE-2016-9932)

- A denial of service vulnerability exists when a guest asynchronously modifies its instruction stream to effect the clearing of EFLAGS.IF. A guest attacker can exploit this to cause the host to hang or crash.
(CVE-2016-10024)

- A denial of service vulnerability exists due to a NULL pointer dereference flaw that is triggered when the hvmemul_vmfunc() function pointer uses inappropriate NULL checks before indirect function calls. A guest attacker can exploit this to cause the hypervisor to crash. Note that the ability of privileged-mode code in HVM guest VMs to crash the host is restricted to AMD systems running Citrix XenServer 7.0. (CVE-2016-10025)

Solution

Apply the appropriate hotfix according to the vendor advisory.

See Also

https://support.citrix.com/article/CTX219378

Plugin Details

Severity: Low

ID: 96778

File Name: citrix_xenserver_CTX219378.nasl

Version: 1.8

Type: local

Family: Misc.

Published: 1/25/2017

Updated: 11/13/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2016-9932

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:citrix:xenserver

Required KB Items: Host/XenServer/version, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 12/21/2016

Vulnerability Publication Date: 12/13/2016

Reference Information

CVE: CVE-2016-10024, CVE-2016-10025, CVE-2016-9932

BID: 94863, 95021, 95026