FreeBSD : xen-kernel -- guest 32-bit ELF symbol table load leaking host data (5555120d-ba4d-11e6-ae1b-002590263bf5)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Xen Project reports :

Along with their main kernel binary, unprivileged guests may arrange
to have their Xen environment load (kernel) symbol tables for their
use. The ELF image metadata created for this purpose has a few unused
bytes when the symbol table binary is in 32-bit ELF format. These
unused bytes were not properly cleared during symbol table loading.

A malicious unprivileged guest may be able to obtain sensitive
information from the host.

The information leak is small and not under the control of the guest,
so effectively exploiting this vulnerability is probably difficult.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936
https://xenbits.xen.org/xsa/advisory-194.html
http://www.nessus.org/u?08c3698b

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 95508 ()

Bugtraq ID:

CVE ID: CVE-2016-9384

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now