Citrix XenServer QEMU Display Geometry Resize Handling Guest-to-Host Code Execution (CTX221578)

Medium Nessus Plugin ID 97948


Synopsis

The remote host is affected by a guest-to-host arbitrary code execution vulnerability.


Description

The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by a guest-to-host arbitrary code execution vulnerability in the QEMU component due to a failure to immediately complete resize operations when a blank mode is synchronously selected for the next update interval. Since other console components will already be operating with the new size values before the operation is completed, an attacker within a guest can exploit this issue to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code on the host.


Solution

Apply the appropriate hotfix according to the vendor advisory.

Plugin Details

Severity: Medium

ID: 97948

File Name: citrix_xenserver_CTX221578.nasl

Version: $Revision: 1.5 $

Type: local

Family: Misc.

Published: 2017/03/24

Modified: 2017/08/14

Dependencies: 76770

Risk Information

Risk Factor: Medium


CVSS v2 Base Score: 6.9

CVSS v2 Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:ND/RC:C


CVSS v3 Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:citrix:xenserver

Required KB Items: Host/XenServer/version, Host/local_checks_enabled, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/03/14

Vulnerability Publication Date: 2017/03/14

Reference Information

CVE: CVE-2016-9603

BID: 96893

OSVDB: 153753