Citrix XenServer QEMU Display Geometry Resize Handling Guest-to-Host Code Execution (CTX221578)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a guest-to-host arbitrary code
execution vulnerability.

Description :

The version of Citrix XenServer running on the remote host is missing
a security hotfix. It is, therefore, affected by a guest-to-host
arbitrary code execution vulnerability in the QEMU component. When a
blank mode is selected synchronously for the next update interval, the
display code does not complete the resize operation immediately, so
other console components are already operating with the new geometry
before the backing buffer has been updated to match. An attacker within
a guest can exploit this inconsistency to cause a heap-based buffer
overflow, resulting in a denial of service condition or the execution
of arbitrary code on the host with the privileges of the QEMU process.
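The following is a simplified model of the pattern described above, written for this page; it is not QEMU, Xen or Citrix code, and the names (surface_t, resize_deferred, resize_immediate, refresh, overflow_for) and the one-byte-per-pixel layout are illustrative assumptions. It contrasts a resize whose geometry is published before the buffer is reallocated with one that completes the resize before anyone can observe the new size, and reports how many bytes a consumer trusting width * height would write past the allocation in each case.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of the lazy-resize pattern behind CVE-2016-9603.
 * Illustration written for this page, not QEMU or XenServer code.
 * One byte per pixel; the real display code is far more involved. */
typedef struct {
    int width, height;     /* geometry that other console components read */
    size_t buf_len;        /* bytes actually allocated for the surface */
    uint8_t *buf;
    bool resize_pending;   /* a requested resize has not been applied yet */
} surface_t;

static surface_t *surface_new(int w, int h)
{
    surface_t *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->width = w;
    s->height = h;
    s->buf_len = (size_t)w * (size_t)h;
    s->buf = calloc(s->buf_len, 1);
    if (!s->buf) { free(s); return NULL; }
    return s;
}

static void surface_free(surface_t *s)
{
    if (s) { free(s->buf); free(s); }
}

/* Vulnerable variant: the new geometry is published right away, but the
 * backing buffer is only reallocated "at the next update interval". */
static void resize_deferred(surface_t *s, int w, int h)
{
    s->width = w;
    s->height = h;
    s->resize_pending = true;   /* buf and buf_len are left as they were */
}

/* Fixed variant: the buffer is grown before the new geometry becomes
 * visible, so no consumer ever sees a size larger than the allocation. */
static bool resize_immediate(surface_t *s, int w, int h)
{
    size_t need = (size_t)w * (size_t)h;
    uint8_t *nb = realloc(s->buf, need);
    if (!nb) return false;
    s->buf = nb;
    s->buf_len = need;
    s->width = w;
    s->height = h;
    s->resize_pending = false;
    return true;
}

/* A console component refreshing the surface: it trusts width * height.
 * Returns how many bytes would land past the allocation (0 when in
 * bounds). The write is clamped so this model stays memory-safe; the
 * real code has no such clamp, which is the heap overflow. */
static size_t refresh(surface_t *s)
{
    size_t need = (size_t)s->width * (size_t)s->height;
    size_t overflow = need > s->buf_len ? need - s->buf_len : 0;
    memset(s->buf, 0xff, need - overflow);
    return overflow;
}

/* Guest requests a larger mode right after the surface was set up.
 * Returns the overflow in bytes for the chosen resize strategy. */
size_t overflow_for(bool immediate)
{
    surface_t *s = surface_new(640, 480);
    if (!s) return (size_t)-1;
    if (immediate) {
        if (!resize_immediate(s, 1024, 768)) { surface_free(s); return (size_t)-1; }
    } else {
        resize_deferred(s, 1024, 768);
    }
    size_t over = refresh(s);
    surface_free(s);
    return over;
}
```

With the deferred strategy, a 640x480 surface resized to 1024x768 leaves the consumer writing 1024*768 - 640*480 = 479232 bytes beyond the old allocation; the immediate strategy reports no overflow because the allocation is updated in the same step as the geometry.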

See also :

https://support.citrix.com/article/CTX221578

Solution :

Apply the appropriate hotfix according to the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:U/RL:ND/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 97948

Bugtraq ID: 96893

CVE ID: CVE-2016-9603
