CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
26.7%
A number of security vulnerabilities have been identified in Citrix XenServer
that may allow a malicious administrator of a guest VM to compromise the host and guest users to crash the host.
These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix
XenServer 6.5 Service Pack 1.
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:citrix:xenserver";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.105466");
script_cve_id("CVE-2015-7835", "CVE-2015-7969", "CVE-2015-7970", "CVE-2015-7971", "CVE-2015-7972");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_version("2023-07-25T05:05:58+0000");
script_name("Citrix XenServer Multiple Security Updates (CTX202404)");
script_xref(name:"URL", value:"http://support.citrix.com/article/CTX202404");
script_tag(name:"vuldetect", value:"Check the installed hotfixes.");
script_tag(name:"solution", value:"Apply the hotfix referenced in the advisory.");
script_tag(name:"summary", value:"A number of security vulnerabilities have been identified in Citrix XenServer
that may allow a malicious administrator of a guest VM to compromise the host and guest users to crash the host.
These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix
XenServer 6.5 Service Pack 1.");
script_tag(name:"insight", value:"The following vulnerabilities have been addressed:
CVE-2015-7835 (High): Uncontrolled creation of large page mappings by PV guests
CVE-2015-7969 (Low): Leak of main per-domain vcpu pointer array/Leak of per-domain profiling-related vcpu pointer array
CVE-2015-7970 (Medium): Host crash when migrating a PoD VM
CVE-2015-7971 (Low): Some pmu and profiling hypercalls log without rate limiting
CVE-2015-7972 (Low): Populate-on-demand balloon size inaccuracy can crash guests");
script_tag(name:"affected", value:"Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
script_tag(name:"creation_date", value:"2015-11-26 12:29:16 +0100 (Thu, 26 Nov 2015)");
script_category(ACT_GATHER_INFO);
script_family("Citrix Xenserver Local Security Checks");
script_copyright("Copyright (C) 2015 Greenbone AG");
script_dependencies("gb_xenserver_version.nasl");
script_mandatory_keys("xenserver/product_version", "xenserver/patches");
exit(0);
}
include("citrix_version_func.inc");
include("host_details.inc");
include("list_array_func.inc");
if( ! version = get_app_version( cpe:CPE ) )
exit( 0 );
if( ! hotfixes = get_kb_item("xenserver/patches") )
exit( 0 );
patches = make_array();
patches['6.5.0'] = make_list( 'XS65ESP1014', 'XS65E015' );
patches['6.2.0'] = make_list( 'XS62ESP1033' );
patches['6.1.0'] = make_list( 'XS61E059' );
patches['6.0.2'] = make_list( 'XS602E047', 'XS602ECC023' );
patches['6.0.0'] = make_list( 'XS60E052' );
citrix_xenserver_check_report_is_vulnerable( version:version, hotfixes:hotfixes, patches:patches );
exit( 99 );