Citrix XenServer Multiple Vulnerabilities (CTX214954) (Bunker Buster)
High Nessus Plugin ID 92723
SynopsisThe remote host is affected by multiple vulnerabilities.
DescriptionThe version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities :
- A privilege escalation vulnerability known as 'Bunker Buster' exists in the paravirtualization (PV) pagetable implementation due to incorrect usage of fast-paths for making updates to pre-existing pagetable entries. An attacker with administrative privileges on a PV guest can exploit this vulnerability to gain administrative privileges on the host operating system. This vulnerability only affects PV guests on x86 hardware;
HVM and ARM guests are not affected. (CVE-2016-6258)
- A denial of service vulnerability exists when handling 32-bit exceptions and event delivery due to missing SMAP whitelisting. A local guest attacker can exploit this to trigger a safety check that will crash other virtual machines on the host system. This vulnerability only exists on 32-bit PV guests running on x86 hardware that supports SMAP. (CVE-2016-6259)
SolutionApply the appropriate hotfix as referenced in the vendor advisory.