FreeBSD : xen-tools -- qemu incautious about shared ring processing (58685e23-ba4d-11e6-ae1b-002590263bf5)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Xen Project reports :

The compiler can emit optimizations in qemu which can lead to double
fetch vulnerabilities. Specifically data on the rings shared between
qemu and the hypervisor (which the guest under control can obtain
mappings of) can be fetched twice (during which time the guest can
alter the contents) possibly leading to arbitrary code execution in
qemu.

Malicious administrators can exploit this vulnerability to take over
the qemu process, elevating its privilege to that of the qemu process.

In a system not using a device model stub domain (or other techniques
for deprivileging qemu), malicious guest administrators can thus
elevate their privilege to that of the host.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936
https://xenbits.xen.org/xsa/advisory-197.html
http://www.nessus.org/u?147b1051

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 95510 ()

Bugtraq ID:

CVE ID: CVE-2016-9381

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now