GLSA-201703-07 : Xen: Privilege Escalation

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201703-07
(Xen: Privilege Escalation)

In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
cirrus_bitblt_cputovideo fails to check whether the specified memory
region is safe.

Impact :

A local attacker could potentially execute arbitrary code with the
privileges of the Xen (QEMU) process on the host, gain privileges on the
host system, or cause a Denial of Service condition.

Workaround :

Running guests in Paravirtualization (PV) mode, or running guests in
Hardware-assisted virtualization (HVM) mode utilizing stub domains,
mitigates the issue.
Running HVM guests with the device model in a stubdomain will mitigate
the issue.
Changing the video card emulation to stdvga (stdvga=1, vga="stdvga",
in the xl domain configuration) will avoid the vulnerability.
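
The workarounds above can be checked per guest. The following is an added example, not part of the advisory or the Nessus plugin: a shell function that reads an xl domain configuration file and reports which workaround, if any, applies. The key names builder, type and device_model_stubdomain_override are assumptions taken from xl.cfg(5), not from this page; the sample config is constructed.

```shell
#!/bin/sh
# Added example: classify an xl domain config against the listed workarounds.
# Key names other than stdvga/vga come from xl.cfg(5), not from this page.

# xl_cfg_value FILE KEY: print the last value assigned to KEY, quotes removed.
xl_cfg_value() {
    sed -n -e 's/#.*$//' \
        -e "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# classify_xl_cfg FILE: print pv | stubdomain | stdvga | review
classify_xl_cfg() {
    cfg=$1
    gtype=$(xl_cfg_value "$cfg" type)
    builder=$(xl_cfg_value "$cfg" builder)
    # Guest is not configured as HVM (treated here as PV): no emulated VGA.
    if [ "$gtype" != "hvm" ] && [ "$builder" != "hvm" ]; then
        echo pv; return 0
    fi
    # HVM guest whose device model runs in a stub domain.
    if [ "$(xl_cfg_value "$cfg" device_model_stubdomain_override)" = "1" ]; then
        echo stubdomain; return 0
    fi
    # HVM guest with the video card emulation switched to stdvga.
    if [ "$(xl_cfg_value "$cfg" stdvga)" = "1" ] ||
       [ "$(xl_cfg_value "$cfg" vga)" = "stdvga" ]; then
        echo stdvga; return 0
    fi
    # HVM guest with none of the listed workarounds: needs the package fix.
    echo review
}

# Constructed sample: an HVM guest whose stdvga line is commented out.
sample=$(mktemp)
printf '%s\n' 'name = "guest1"' 'builder = "hvm"' '# vga = "stdvga"' > "$sample"
echo "guest1: $(classify_xl_cfg "$sample")"
rm -f "$sample"
```

A result of review means the guest relies on the xen-tools upgrade rather than on a configuration workaround.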

See also :

https://security.gentoo.org/glsa/201703-07

Solution :

All Xen Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/xen-tools-4.7.1-r8'

Risk factor :

Medium

Family: Gentoo Local Security Checks

Nessus Plugin ID: 99014

Bugtraq ID:

CVE ID: CVE-2017-2620
