Citrix XenServer Multiple Vulnerabilities (CTX220112)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The version of Citrix XenServer running on the remote host is missing
a security hotfix. It is, therefore, affected by the following
vulnerabilities :

- A man-in-the-middle (MitM) vulnerability exists in the
NTP component due to an improperly implemented threshold
limitation for the '-g' option. A man-in-the-middle
attacker can exploit this to intercept NTP traffic and
return arbitrary date and time values to users. This
vulnerability is only applicable if NTP is enabled.
(CVE-2015-5300)

- A denial of service vulnerability exists in the NTP
component due to improper validation of the origin
timestamp field when handling a Kiss-of-Death (KoD)
packet. An unauthenticated, remote attacker can exploit
this to cause a client to stop querying its servers,
preventing the client from updating its clock. This
vulnerability is only applicable if NTP is enabled.
(CVE-2015-7704)

- A denial of service vulnerability exists in the NTP
component due to improper implementation of
rate-limiting when handling server queries. An
unauthenticated, remote attacker can exploit this to
stop the client from querying its servers, preventing it
from updating its clock. This vulnerability is only
applicable if NTP is enabled. (CVE-2015-7705)

- An unspecified flaw exists that allows an authenticated,
remote attacker with read-only administrator access to
corrupt the host database. This vulnerability is only
applicable if RBAC is enabled. (CVE-2017-5572)

- An unspecified flaw exists that allows an authenticated,
remote attacker with read-only administration access to
cancel the tasks of other administrators. This
vulnerability is only applicable if RBAC is enabled.
(CVE-2017-5573)

See also :

https://support.citrix.com/article/CTX220112

Solution :

Apply the appropriate hotfix per the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 96928

Bugtraq ID: 77280
77284
77312
95796
95801

CVE ID: CVE-2015-5300
CVE-2015-7704
CVE-2015-7705
CVE-2017-5572
CVE-2017-5573
