Citrix XenServer Multiple Vulnerabilities (CTX219378)

Medium Nessus Plugin ID 96778


A server virtualization platform installed on the remote host is affected by multiple vulnerabilities.


The version of Citrix XenServer installed on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in x86 instruction CMPXCHG8B due to legacy operand size overrides not being properly ignored when handling prefixes. A guest attacker can exploit this to disclose potentially sensitive information on the host system. Note that the ability to read a small amount of hypervisor memory is restricted to privileged-mode code in all guests except on Citrix XenServer 6.2 SP1 and 6.0.2CC, where the attack may also be performed from non-privileged-mode code in HVM guest VMs.

- A denial of service vulnerability exists when a guest asynchronously modifies its instruction stream to effect the clearing of EFLAGS.IF. A guest attacker can exploit this to cause the host to hang or crash.

- A denial of service vulnerability exists due to a NULL pointer dereference flaw in the hvmemul_vmfunc() function, which uses inappropriate NULL checks before making indirect calls through function pointers. A guest attacker can exploit this to cause the hypervisor to crash. Note that the ability of privileged-mode code in HVM guest VMs to crash the host is restricted to AMD systems running Citrix XenServer 7.0. (CVE-2016-10025)


Apply the appropriate hotfix according to the vendor advisory.

Plugin Details

Severity: Medium

ID: 96778

File Name: citrix_xenserver_CTX219378.nasl

Version: $Revision: 1.6 $

Type: local

Family: Misc.

Published: 2017/01/25

Modified: 2017/02/06

Dependencies: 76770

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 5.5

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


CVSS v3.0

Base Score: 6.8

Temporal Score: 6.3

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:citrix:xenserver

Required KB Items: Host/XenServer/version, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/12/21

Vulnerability Publication Date: 2016/12/13

Reference Information

CVE: CVE-2016-9932, CVE-2016-10024, CVE-2016-10025

BID: 94863, 95021, 95026

OSVDB: 148798, 149100, 149105