Citrix XenServer QEMU FDC Buffer Overflow RCE (CTX201078) (VENOM)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a buffer overflow vulnerability.

Description :

The remote host is running a version of Citrix XenServer that is
affected by a flaw in the Floppy Disk Controller (FDC) in the bundled
QEMU software due to an overflow condition in hw/block/fdc.c when
handling certain commands. An attacker, with access to an account on
the guest operating system with privilege to access the FDC, can
exploit this flaw to execute arbitrary code in the context of the
hypervisor process on the host system.

See also :

https://support.citrix.com/article/CTX201078
http://venom.crowdstrike.com/

Solution :

Apply the relevant hotfix referenced in the vendor advisory.

Risk factor :

High / CVSS Base Score : 7.7
(CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 83763

Bugtraq ID: 74640

CVE ID: CVE-2015-3456
