Citrix XenServer QEMU RTL8139 Guest Network Device Information Disclosure (CTX201717)
Medium Nessus Plugin ID 85661
Synopsis
The remote host is affected by an information disclosure vulnerability.

Description
The version of Citrix XenServer running on the remote host is affected by an information disclosure vulnerability due to improper validation of user-supplied input in the C+ mode offload emulation of the RTL8139 network card device model in QEMU. A remote attacker can exploit this to read process heap memory, resulting in the disclosure of sensitive information.

Solution
Apply the relevant hotfix referenced in the vendor advisory.