Citrix XenServer Multiple Vulnerabilities (CTX219378)

Low Nessus Plugin ID 96778


A server virtualization platform installed on the remote host is affected by multiple vulnerabilities.


The version of Citrix XenServer installed on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in the handling of the x86 CMPXCHG8B instruction because legacy operand size overrides are not properly ignored when handling prefixes. A guest attacker can exploit this to disclose potentially sensitive information on the host system. Note that the ability to read a small amount of hypervisor memory is restricted to privileged-mode code in all guests except on Citrix XenServer 6.2 SP1 and 6.0.2CC, where the attack may also be performed from non-privileged-mode code in HVM guest VMs.

- A denial of service vulnerability exists when a guest asynchronously modifies its instruction stream to effect the clearing of EFLAGS.IF. A guest attacker can exploit this to cause the host to hang or crash.

- A denial of service vulnerability exists due to a NULL pointer dereference flaw in the hvmemul_vmfunc() function, which is triggered by inappropriate NULL checks on a function pointer before indirect function calls. A guest attacker can exploit this to cause the hypervisor to crash. Note that the ability of privileged-mode code in HVM guest VMs to crash the host is restricted to AMD systems running Citrix XenServer 7.0. (CVE-2016-10025)


Apply the appropriate hotfix according to the vendor advisory.

Plugin Details

Severity: Low

ID: 96778

File Name: citrix_xenserver_CTX219378.nasl

Version: 1.8

Type: local

Family: Misc.

Published: 2017/01/25

Updated: 2019/11/13

Dependencies: 76770

Risk Information

Risk Factor: Low

CVSS Score Source: CVE-2016-9932

CVSS v2.0

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:citrix:xenserver

Required KB Items: Host/XenServer/version, Host/local_checks_enabled

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/12/21

Vulnerability Publication Date: 2016/12/13

Reference Information

CVE: CVE-2016-9932, CVE-2016-10024, CVE-2016-10025

BID: 94863, 95021, 95026