 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.105336 |
| Kategorie: | Citrix Xenserver Local Security Checks |
| Titel: | Vulnerability in Citrix XenServer Could Result in Information Disclosure (CTX201717) |
| Zusammenfassung: | A vulnerability has been identified in Citrix XenServer which could,; if exploited, allow a malicious administrator of an HVM guest VM to obtain meta-data about their own VM.; Citrix is presently unaware of any meta-data that might be leaked that would be of value to a malicious; guest administrator.;; In non-default configurations, where the RTL8139 guest network device has been configured to enable offload; and the Citrix PV guest drivers are not active, it may also be possible for a remote attacker to obtain; information from the HVM guest. |
| Beschreibung: | Summary: A vulnerability has been identified in Citrix XenServer which could, if exploited, allow a malicious administrator of an HVM guest VM to obtain meta-data about their own VM. Citrix is presently unaware of any meta-data that might be leaked that would be of value to a malicious guest administrator. In non-default configurations, where the RTL8139 guest network device has been configured to enable offload and the Citrix PV guest drivers are not active, it may also be possible for a remote attacker to obtain information from the HVM guest. Affected Software/OS: This issue affects all supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1. Solution: Apply the hotfix referenced in the advisory. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5165 1033176 http://www.securitytracker.com/id/1033176 76153 http://www.securityfocus.com/bid/76153 DSA-3348 http://www.debian.org/security/2015/dsa-3348 DSA-3349 http://www.debian.org/security/2015/dsa-3349 FEDORA-2015-14361 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html FEDORA-2015-15944 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html FEDORA-2015-15946 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html RHSA-2015:1674 http://rhn.redhat.com/errata/RHSA-2015-1674.html RHSA-2015:1683 http://rhn.redhat.com/errata/RHSA-2015-1683.html RHSA-2015:1739 http://rhn.redhat.com/errata/RHSA-2015-1739.html RHSA-2015:1740 http://rhn.redhat.com/errata/RHSA-2015-1740.html RHSA-2015:1793 http://rhn.redhat.com/errata/RHSA-2015-1793.html RHSA-2015:1833 http://rhn.redhat.com/errata/RHSA-2015-1833.html SUSE-SU-2015:1421 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html SUSE-SU-2015:1643 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html http://support.citrix.com/article/CTX201717 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://xenbits.xen.org/xsa/advisory-140.html https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |