Citrix XenServer Multiple Vulnerabilities (CTX220112)

critical Nessus Plugin ID 96928

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by the following vulnerabilities :

- A man-in-the-middle (MitM) vulnerability exists in the NTP component due to an improperly implemented threshold limitation for the '-g' option. A man-in-the-middle attacker can exploit this to intercept NTP traffic and return arbitrary date and time values to users. This vulnerability is only applicable if NTP is enabled.
(CVE-2015-5300)

- A denial of service vulnerability exists in the NTP component due to improper validation of the origin timestamp field when handling a Kiss-of-Death (KoD) packet. An unauthenticated, remote attacker can exploit this to cause a client to stop querying its servers, preventing the client from updating its clock. This vulnerability is only applicable if NTP is enabled.
(CVE-2015-7704)

- A denial of service vulnerability exists in the NTP component due to improper implementation of rate-limiting when handling server queries. An unauthenticated, remote attacker can exploit this to stop the client from querying its servers, preventing it from updating its clock. This vulnerability is only applicable if NTP is enabled. (CVE-2015-7705)

- An unspecified flaw exists that allows an authenticated, remote attacker with read-only administrator access to corrupt the host database. This vulnerability is only applicable if RBAC is enabled. (CVE-2017-5572)

- An unspecified flaw exists that allows an authenticated, remote attacker with read-only administration access to cancel the tasks of other administrators. This vulnerability is only applicable if RBAC is enabled.
(CVE-2017-5573)

Solution

Apply the appropriate hotfix per the vendor advisory.

See Also

https://support.citrix.com/article/CTX220112

Plugin Details

Severity: Critical

ID: 96928

File Name: citrix_xenserver_CTX220112.nasl

Version: 1.7

Type: local

Family: Misc.

Published: 2/1/2017

Updated: 11/13/2019

Risk Information

CVSS Score Source: CVE-2015-7705

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:citrix:xenserver

Required KB Items: Host/XenServer/version, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 1/25/2017

Vulnerability Publication Date: 10/6/2015

Reference Information

CVE: CVE-2015-5300, CVE-2015-7704, CVE-2015-7705, CVE-2017-5572, CVE-2017-5573

BID: 77280, 77284, 77312, 95796, 95801

CERT: 718152