Citrix Xenserver Local Security Checks : Citrix XenServer Multiple Security Updates (CTX225941)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.140303
Category:	Citrix Xenserver Local Security Checks
Title:	Citrix XenServer Multiple Security Updates (CTX225941)
Summary:	A number of security vulnerabilities have been identified in Citrix XenServer that may allow a; malicious administrator of a guest VM to compromise the host.
Description:	Summary: A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host. Vulnerability Insight: The following vulnerabilities have been addressed: - CVE-2017-12134: (High) linux: Fix Xen block IO merge-ability calculation. - CVE-2017-12135: (Medium) multiple problems with transitive grants. - CVE-2017-12136: (High) grant_table: Race conditions with maptrack free list handling. - CVE-2017-12137: (High) x86: PV privilege escalation via map_grant_ref. - CVE-2017-12855: (Low) grant_table: possibly premature clearing of GTF_writing / GTF_reading. Affected Software/OS: XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2. Solution: Apply the hotfix referenced in the advisory. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-12134 BugTraq ID: 100343 http://www.securityfocus.com/bid/100343 Debian Security Information: DSA-3981 (Google Search) http://www.debian.org/security/2017/dsa-3981 https://security.gentoo.org/glsa/201801-14 https://bugzilla.redhat.com/show_bug.cgi?id=1477656 http://www.openwall.com/lists/oss-security/2017/08/15/4 http://www.securitytracker.com/id/1039176 https://usn.ubuntu.com/3655-1/ https://usn.ubuntu.com/3655-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-12135 BugTraq ID: 100344 http://www.securityfocus.com/bid/100344 Debian Security Information: DSA-3969 (Google Search) http://www.debian.org/security/2017/dsa-3969 https://bugzilla.redhat.com/show_bug.cgi?id=1477655 http://www.openwall.com/lists/oss-security/2017/08/15/1 http://www.openwall.com/lists/oss-security/2017/08/17/6 http://www.openwall.com/lists/oss-security/2020/04/14/4 http://www.securitytracker.com/id/1039178 Common Vulnerability Exposure (CVE) ID: CVE-2017-12136 BugTraq ID: 100346 http://www.securityfocus.com/bid/100346 https://bugzilla.redhat.com/show_bug.cgi?id=1477651 http://www.openwall.com/lists/oss-security/2017/08/15/3 http://www.securitytracker.com/id/1039175 Common Vulnerability Exposure (CVE) ID: CVE-2017-12137 BugTraq ID: 100342 http://www.securityfocus.com/bid/100342 https://bugzilla.redhat.com/show_bug.cgi?id=1477657 http://www.openwall.com/lists/oss-security/2017/08/15/2 http://www.securitytracker.com/id/1039174 Common Vulnerability Exposure (CVE) ID: CVE-2017-12855 BugTraq ID: 100341 http://www.securityfocus.com/bid/100341 http://www.securitytracker.com/id/1039177
Copyright	Copyright (C) 2017 Greenbone AG