Citrix XenServer Multiple Vulnerabilities (CTX216071)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The version of Citrix XenServer running on the remote host is missing
a security hotfix. It is, therefore, affected by multiple
vulnerabilities :

- A flaw exists due to improper handling of pagetable
walks that contain recursive L3 pagetable entries. An
attacker on the guest can exploit this to gain elevated
privileges. (CVE-2016-7092)

- A flaw exists due to improper handling of instruction
pointer truncation when emulating HVM instructions. An
attacker on the guest can exploit this to gain elevated
privileges. (CVE-2016-7093)

- An overflow condition exists for x86 HVM guests due to
improper handling of writes to pagetables, specifically
when the guest is running with shadow paging using a
subset of the x86 emulator. An attacker on the guest can
exploit this to cause a denial of service condition on
the host. (CVE-2016-7094)

- A use-after-free error exists when calling the
EVTCHNOP_init_control operation with a bad guest frame
number. An attacker on the guest can exploit this, by
freeing a control structure without also clearing the
corresponding pointer, to crash the host or potentially
gain elevated privileges. (CVE-2016-7154)

See also :

https://support.citrix.com/article/CTX216071

Solution :

Apply the appropriate hotfix according to the vendor advisory.

Risk factor :

High / CVSS Base Score : 7.7
(CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 93608

Bugtraq ID: 92862, 92863, 92864, 92865

CVE ID: CVE-2016-7092, CVE-2016-7093, CVE-2016-7094, CVE-2016-7154
