FreeBSD : xen-tools -- libxl leak of pv kernel and initrd on error (5d1d4473-b40d-11e5-9728-002590263bf5)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Xen Project reports :

When constructing a guest which is configured to use a PV bootloader
which runs as a userspace process in the toolstack domain (e.g.
pygrub) libxl creates a mapping of the files to be used as kernel and
initial ramdisk when building the guest domain.

However if building the domain subsequently fails these mappings would
not be released leading to a leak of virtual address space in the
calling process, as well as preventing the recovery of the temporary
disk files containing the kernel and initial ramdisk.

For toolstacks which manage multiple domains within the same process,
an attacker who is able to repeatedly start a suitable domain (or many
such domains) can cause an out-of-memory condition in the toolstack
process, leading to a denial of service.

Under the same circumstances an attacker can also cause files to
accumulate on the toolstack domain filesystem (usually under /var in
dom0) used to temporarily store the kernel and initial ramdisk,
perhaps leading to a denial of service against arbitrary other
services using that filesystem.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205841
http://xenbits.xen.org/xsa/advisory-160.html
http://www.nessus.org/u?5e2ab1db

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 87745 ()

Bugtraq ID:

CVE ID: CVE-2015-8341

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now