FreeBSD : xen-tools -- Unsanitised guest input in libxl device handling code (e2fca11b-4212-11e6-942d-bc5ff45d0f28)
Medium Nessus Plugin ID 91935
Synopsis: The remote FreeBSD host is missing a security-related update.
Description: The Xen Project reports:
Various parts of libxl device-handling code inappropriately use information from (partially) guest controlled areas of xenstore.
A malicious guest administrator can cause denial of service by resource exhaustion.
A malicious guest administrator can confuse and/or deny service to management facilities.
A malicious guest administrator of a guest configured with channel devices may be able to escalate their privilege to that of the backend domain (i.e., normally, to that of the host).
Solution: Update the affected package.