Citrix XenServer QEMU ioport Array Overflow Guest-to-Host Privilege Escalation (CTX219136)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.

Synopsis :

The remote host is affected by a privilege escalation vulnerability.

Description :

The version of Citrix XenServer running on the remote host is missing
a security hotfix. It is, therefore, affected by a privilege
escalation vulnerability in the QEMU ioport component due to an array
overflow that is triggered during the handling of addresses in ioport
read and write look-ups. A local administrative user on the guest
system can exploit this issue to gain elevated privileges on the host

See also :

Solution :

Apply the appropriate hotfix according to the vendor advisory.

Risk factor :

High / CVSS Base Score : 7.4
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 95659 ()

Bugtraq ID: 93970

CVE ID: CVE-2016-9637

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now