Citrix XenServer Multiple Vulnerabilities (CTX214954) (Bunker Buster)

High Nessus Plugin ID 92723


The remote host is affected by multiple vulnerabilities.


The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities :

- A privilege escalation vulnerability known as 'Bunker Buster' exists in the paravirtualization (PV) pagetable implementation due to incorrect usage of fast-paths for making updates to pre-existing pagetable entries. An attacker with administrative privileges on a PV guest can exploit this vulnerability to gain administrative privileges on the host operating system. This vulnerability only affects PV guests on x86 hardware;
HVM and ARM guests are not affected. (CVE-2016-6258)

- A denial of service vulnerability exists when handling 32-bit exceptions and event delivery due to missing SMAP whitelisting. A local guest attacker can exploit this to trigger a safety check that will crash other virtual machines on the host system. This vulnerability only exists on 32-bit PV guests running on x86 hardware that supports SMAP. (CVE-2016-6259)


Apply the appropriate hotfix as referenced in the vendor advisory.

See Also

Plugin Details

Severity: High

ID: 92723

File Name: citrix_xenserver_CTX214954.nasl

Version: $Revision: 1.6 $

Type: local

Family: Misc.

Published: 2016/08/04

Modified: 2017/02/06

Dependencies: 76770

Risk Information

Risk Factor: High


Base Score: 7.7

Temporal Score: 5.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 9

Temporal Score: 7.8

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:citrix:xenserver

Required KB Items: Host/XenServer/version, Host/local_checks_enabled

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/07/26

Vulnerability Publication Date: 2016/07/26

Reference Information

CVE: CVE-2016-6258, CVE-2016-6259

BID: 92130, 92131

OSVDB: 142101, 142140

IAVB: 2016-B-0118