Citrix XenServer Multiple Security Updates (CTX202404)

2015-11-2600:00:00

plugins.openvas.org

8.2 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.7%

JSON

A number of security vulnerabilities have been identified in Citrix XenServer
that may allow a malicious administrator of a guest VM to compromise the host and guest users to crash the host.
These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix
XenServer 6.5 Service Pack 1.

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:citrix:xenserver";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.105466");
  script_cve_id("CVE-2015-7835", "CVE-2015-7969", "CVE-2015-7970", "CVE-2015-7971", "CVE-2015-7972");
  script_tag(name:"cvss_base", value:"7.2");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_version("2023-07-25T05:05:58+0000");

  script_name("Citrix XenServer Multiple Security Updates (CTX202404)");

  script_xref(name:"URL", value:"http://support.citrix.com/article/CTX202404");

  script_tag(name:"vuldetect", value:"Check the installed hotfixes.");
  script_tag(name:"solution", value:"Apply the hotfix referenced in the advisory.");

  script_tag(name:"summary", value:"A number of security vulnerabilities have been identified in Citrix XenServer
  that may allow a malicious administrator of a guest VM to compromise the host and guest users to crash the host.
  These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix
  XenServer 6.5 Service Pack 1.");

  script_tag(name:"insight", value:"The following vulnerabilities have been addressed:

  CVE-2015-7835 (High): Uncontrolled creation of large page mappings by PV guests

  CVE-2015-7969 (Low): Leak of main per-domain vcpu pointer array/Leak of per-domain profiling-related vcpu pointer array

  CVE-2015-7970 (Medium): Host crash when migrating a PoD VM

  CVE-2015-7971 (Low): Some pmu and profiling hypercalls log without rate limiting

  CVE-2015-7972 (Low): Populate-on-demand balloon size inaccuracy can crash guests");

  script_tag(name:"affected", value:"Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
  script_tag(name:"creation_date", value:"2015-11-26 12:29:16 +0100 (Thu, 26 Nov 2015)");
  script_category(ACT_GATHER_INFO);
  script_family("Citrix Xenserver Local Security Checks");
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_dependencies("gb_xenserver_version.nasl");
  script_mandatory_keys("xenserver/product_version", "xenserver/patches");

  exit(0);
}

include("citrix_version_func.inc");
include("host_details.inc");
include("list_array_func.inc");

if( ! version = get_app_version( cpe:CPE ) )
  exit( 0 );

if( ! hotfixes = get_kb_item("xenserver/patches") )
  exit( 0 );

patches = make_array();

patches['6.5.0'] = make_list( 'XS65ESP1014', 'XS65E015' );
patches['6.2.0'] = make_list( 'XS62ESP1033' );
patches['6.1.0'] = make_list( 'XS61E059' );
patches['6.0.2'] = make_list( 'XS602E047', 'XS602ECC023' );
patches['6.0.0'] = make_list( 'XS60E052' );

citrix_xenserver_check_report_is_vulnerable( version:version, hotfixes:hotfixes, patches:patches );

exit( 99 );