Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Citrix XenServer Multiple Security Updates (CTX201145)

Information

Severity

Severity

High

Family

Family

Citrix Xenserver Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

7 years ago

Modified

Modified

3 years ago

Summary

A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to crash the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1. The following vulnerabilities have been addressed: - CVE-2015-4106: Unmediated PCI register access in qemu. - CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior. - CVE-2015-4164: vulnerability in the iret hypercall handler - CVE-2015-2756: Unmediated PCI command register access in qemu - CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu. - CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests. - CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages

Affected Software

Affected Software

XenServer 6.5 XenServer 6.2.0 XenServer 6.0 XenServer 6.0.2 XenServer 6.1.0

Detection Method

Detection Method

Check the installed hotfixes

Solution

Solution

Apply the hotfix referenced in the advisory.