Citrix XenServer Multiple Vulnerabilities (CTX220112)

High Nessus Plugin ID 96928

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by the following vulnerabilities:

- A man-in-the-middle (MitM) vulnerability exists in the NTP component due to an improperly implemented threshold limitation for the '-g' option. A man-in-the-middle attacker can exploit this to intercept NTP traffic and return arbitrary date and time values to users. This vulnerability is only applicable if NTP is enabled. (CVE-2015-5300)

- A denial of service vulnerability exists in the NTP component due to improper validation of the origin timestamp field when handling a Kiss-of-Death (KoD) packet. An unauthenticated, remote attacker can exploit this to cause a client to stop querying its servers, preventing the client from updating its clock. This vulnerability is only applicable if NTP is enabled. (CVE-2015-7704)

- A denial of service vulnerability exists in the NTP component due to improper implementation of rate-limiting when handling server queries. An unauthenticated, remote attacker can exploit this to stop the client from querying its servers, preventing it from updating its clock. This vulnerability is only applicable if NTP is enabled. (CVE-2015-7705)

- An unspecified flaw exists that allows an authenticated, remote attacker with read-only administrator access to corrupt the host database. This vulnerability is only applicable if RBAC is enabled. (CVE-2017-5572)

- An unspecified flaw exists that allows an authenticated, remote attacker with read-only administration access to cancel the tasks of other administrators. This vulnerability is only applicable if RBAC is enabled. (CVE-2017-5573)

Solution

Apply the appropriate hotfix per the vendor advisory.

See Also

https://support.citrix.com/article/CTX220112

Plugin Details

Severity: High

ID: 96928

File Name: citrix_xenserver_CTX220112.nasl

Version: 1.7

Type: local

Family: Misc.

Published: 2017/02/01

Updated: 2019/11/13

Dependencies: 76770

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2015-7705

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:citrix:xenserver

Required KB Items: Host/XenServer/version, Host/local_checks_enabled

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/01/25

Vulnerability Publication Date: 2015/10/06

Reference Information

CVE: CVE-2015-5300, CVE-2015-7704, CVE-2015-7705, CVE-2017-5572, CVE-2017-5573

BID: 77280, 77284, 77312, 95796, 95801

CERT: 718152