FreeBSD : xen-kernel -- x86: Mishandling of SYSCALL singlestep during emulation (942433db-c661-11e6-ae1b-002590263bf5)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Xen Project reports :

The typical behaviour of singlestepping exceptions is determined at
the start of the instruction, with a #DB trap being raised at the end
of the instruction. SYSCALL (and SYSRET, although we don't implement
it) behave differently because the typical behaviour allows userspace
to escalate its privilege. (This difference in behaviour seems to be
undocumented.) Xen wrongly raised the exception based on the flags at
the start of the instruction.

Guest userspace which can invoke the instruction emulator can use this
flaw to escalate its privilege to that of the guest kernel.

See also :

http://xenbits.xen.org/xsa/advisory-204.html
http://www.nessus.org/u?589925c8

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 95974

Bugtraq ID:

CVE ID: CVE-2016-10013
