Xen Hypervisor Multiple Vulnerabilities (XSA-231 - XSA-234)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Xen hypervisor installation is missing a security update.

Description :

According to its self-reported version number, the Xen hypervisor
installed on the remote host is affected by multiple vulnerabilities :

- A flaw exists in the alloc_heap_pages() function due to
improper handling when 'node >= MAX_NUMNODES'. A guest
attacker can use crafted hypercalls to execute arbitrary
code on the host system. (CVE-2017-14316)

- A double-free flaw exists in the domain_cleanup()
function within 'xenstored_domain.c'. A local attacker
can use this flaw to crash the xenstored daemon which
potentially could cause a denial of service.
(CVE-2017-14317)

- A null pointer dereference flaw exists in the
__gnttab_cache_flush() function. An attacker could
potentially leverage this flaw to crash the host system
from a guest system. (CVE-2017-14318)

- A flaw exists within 'arch/x86/mm.c'. An attacker could
leverage this vulnerability to gain elevated privileges
on the host system from a guest system. (CVE-2017-14319)

Note that Nessus has checked the changeset versions based on the
xen.git change log. Nessus did not check guest hardware configurations
or if patches were applied manually to the source code before a
recompile and reinstall.

See also :

http://xenbits.xen.org/xsa/advisory-231.html
http://xenbits.xen.org/xsa/advisory-232.html
http://xenbits.xen.org/xsa/advisory-233.html
http://xenbits.xen.org/xsa/advisory-234.html
https://xenbits.xen.org/gitweb/?p=xen.git;a=summary

Solution :

Apply the appropriate patch according to the vendor advisory.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 103328 ()

Bugtraq ID: 100817
100818
100819
100826

CVE ID: CVE-2017-14316
CVE-2017-14317
CVE-2017-14318
CVE-2017-14319

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now