Citrix XenServer Multiple Vulnerabilities (CTX218775)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The version of Citrix XenServer running on the remote host is missing
a security hotfix. It is, therefore, affected by multiple
vulnerabilities :

- A flaw exists in the sniff_netware() function within
file tools/pygrub/src/pygrub when handling string quotes
and S-expressions in the bootloader whenever the
S-expressions output format is requested. A guest
attacker can exploit this to make pygrub emit incorrect
output for the bootloader configuration file,
resulting in the disclosure or deletion of files from
the host. (CVE-2016-9379)

- A flaw exists in the sniff_netware() function within
file tools/pygrub/src/pygrub when handling NULL bytes in
the bootloader whenever the null-delimited output format
is requested. A guest attacker can exploit this to make
pygrub emit ambiguous or confusing output for the
configuration file, resulting in the disclosure or
deletion of files from the host. (CVE-2016-9380)

- A double-fetch flaw exists that is triggered when the
compiler omits QEMU optimizations. A guest attacker can
exploit this to gain elevated privileges on the host.
(CVE-2016-9381)

- A flaw exists in the hvm_task_switch() function within
file arch/x86/hvm/hvm.c due to improper handling of x86
task switching to VM86 mode. A guest attacker can
exploit this to cause a denial of service condition or
gain elevated privileges within the guest environment.
(CVE-2016-9382)

- A flaw exists in the x86_emulate() function within
file arch/x86/x86_emulate/x86_emulate.c that allows a
guest attacker to cause changes to memory and thereby
gain elevated privileges on the host. (CVE-2016-9383)

- A denial of service vulnerability exists in the x86
segment base write emulation due to missing canonical
address checks. A local attacker who has administrative
rights within a guest can exploit this issue to crash
the host. (CVE-2016-9385)

- A flaw exists in the x86 emulator due to improper
checking of the usability of segments when performing
memory accesses. A guest attacker can exploit this to
gain elevated privileges. (CVE-2016-9386)
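
The canonical-address check whose absence is described for CVE-2016-9385, shown as an added C illustration that is not Xen's, Citrix's or Tenable's code; the function, struct and enum names are this example's own assumptions, and the 48-bit width is the usual 4-level paging case:

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed illustration (not Xen's code): an emulator must refuse to
 * load a guest-supplied, non-canonical value into a segment base register
 * (FS_BASE/GS_BASE), because the real load would raise #GP in host
 * context. Reject it first and inject the fault into the guest instead. */

/* A 64-bit virtual address is canonical when bits [63:va_bits-1] are all
 * equal to bit va_bits-1 (va_bits = 48 for 4-level paging, 57 for LA57). */
static bool is_canonical_address(uint64_t addr, unsigned va_bits)
{
    uint64_t top = addr >> (va_bits - 1);           /* sign-extension bits */
    return top == 0 || top == (UINT64_MAX >> (va_bits - 1));
}

enum emul_result { EMUL_OK = 0, EMUL_GP_FAULT = 1 };

struct vcpu_segbase { uint64_t fs_base, gs_base; };   /* hypothetical state */

/* Emulated guest write to FS or GS base: validate before touching state. */
static enum emul_result emulate_segbase_write(struct vcpu_segbase *s,
                                              bool is_gs, uint64_t val,
                                              unsigned va_bits)
{
    if (!is_canonical_address(val, va_bits))
        return EMUL_GP_FAULT;     /* #GP(0) delivered to the guest, host unaffected */
    if (is_gs)
        s->gs_base = val;
    else
        s->fs_base = val;
    return EMUL_OK;
}

int main(void)
{
    struct vcpu_segbase s = { 0, 0 };
    /* Constructed sample values: one canonical user-space base, one
     * non-canonical value that would have faulted on the host. */
    int ok  = emulate_segbase_write(&s, false, 0x00007f0000001000ULL, 48);
    int bad = emulate_segbase_write(&s, true,  0x0000800000000000ULL, 48);
    printf("canonical write: %s, non-canonical write: %s\n",
           ok == EMUL_OK ? "accepted" : "rejected",
           bad == EMUL_GP_FAULT ? "rejected with #GP" : "accepted");
    return (ok == EMUL_OK && bad == EMUL_GP_FAULT) ? 0 : 1;
}
```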

See also :

https://support.citrix.com/article/CTX218775

Solution :

Apply the appropriate hotfix according to the vendor advisory.

Risk factor :

High / CVSS Base Score : 7.7
(CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false