Lucene search

K
openvasCopyright (C) 2015 Greenbone AGOPENVAS:1361412562310105466
HistoryNov 26, 2015 - 12:00 a.m.

Citrix XenServer Multiple Security Updates (CTX202404)

2015-11-2600:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
21

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

26.7%

A number of security vulnerabilities have been identified in Citrix XenServer
that may allow a malicious administrator of a guest VM to compromise the host and guest users to crash the host.
These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix
XenServer 6.5 Service Pack 1.

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:citrix:xenserver";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.105466");
  script_cve_id("CVE-2015-7835", "CVE-2015-7969", "CVE-2015-7970", "CVE-2015-7971", "CVE-2015-7972");
  script_tag(name:"cvss_base", value:"7.2");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_version("2023-07-25T05:05:58+0000");

  script_name("Citrix XenServer Multiple Security Updates (CTX202404)");

  script_xref(name:"URL", value:"http://support.citrix.com/article/CTX202404");

  script_tag(name:"vuldetect", value:"Check the installed hotfixes.");
  script_tag(name:"solution", value:"Apply the hotfix referenced in the advisory.");

  script_tag(name:"summary", value:"A number of security vulnerabilities have been identified in Citrix XenServer
  that may allow a malicious administrator of a guest VM to compromise the host and guest users to crash the host.
  These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix
  XenServer 6.5 Service Pack 1.");

  script_tag(name:"insight", value:"The following vulnerabilities have been addressed:

  CVE-2015-7835 (High): Uncontrolled creation of large page mappings by PV guests

  CVE-2015-7969 (Low): Leak of main per-domain vcpu pointer array/Leak of per-domain profiling-related vcpu pointer array

  CVE-2015-7970 (Medium): Host crash when migrating a PoD VM

  CVE-2015-7971 (Low): Some pmu and profiling hypercalls log without rate limiting

  CVE-2015-7972 (Low): Populate-on-demand balloon size inaccuracy can crash guests");

  script_tag(name:"affected", value:"Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
  script_tag(name:"creation_date", value:"2015-11-26 12:29:16 +0100 (Thu, 26 Nov 2015)");
  script_category(ACT_GATHER_INFO);
  script_family("Citrix Xenserver Local Security Checks");
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_dependencies("gb_xenserver_version.nasl");
  script_mandatory_keys("xenserver/product_version", "xenserver/patches");

  exit(0);
}

include("citrix_version_func.inc");
include("host_details.inc");
include("list_array_func.inc");

if( ! version = get_app_version( cpe:CPE ) )
  exit( 0 );

if( ! hotfixes = get_kb_item("xenserver/patches") )
  exit( 0 );

patches = make_array();

patches['6.5.0'] = make_list( 'XS65ESP1014', 'XS65E015' );
patches['6.2.0'] = make_list( 'XS62ESP1033' );
patches['6.1.0'] = make_list( 'XS61E059' );
patches['6.0.2'] = make_list( 'XS602E047', 'XS602ECC023' );
patches['6.0.0'] = make_list( 'XS60E052' );

citrix_xenserver_check_report_is_vulnerable( version:version, hotfixes:hotfixes, patches:patches );

exit( 99 );

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

26.7%