FreeBSD : xen-kernel -- leak of per-domain profiling-related vcpu pointer array (e3792855-881f-11e5-ab94-002590263bf5)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Xen Project reports :

A domain's xenoprofile state contains an array of per-vcpu
information... This array is leaked on domain teardown. This memory
leak could -- over time -- exhaust the host's memory.

The following parties can mount a denial of service attack affecting
the whole system :

- A malicious guest administrator via XENOPROF_get_buffer.

- A domain given suitable privilege over another domain via
XENOPROF_set_passive (this would usually be a domain being used to
profile another domain, eg with the xenoprof tool).

The ability to also restart or create suitable domains is also
required to fully exploit the issue. Without this the leak is limited
to a small multiple of the maximum number of vcpus for the domain.

See also :

http://xenbits.xen.org/xsa/advisory-151.html
http://www.nessus.org/u?e0d46604

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86840 ()

Bugtraq ID:

CVE ID: CVE-2015-7969

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now