
Test ID: 1.3.6.1.4.1.25623.1.0.105147
Category: Citrix Xenserver Local Security Checks
Title: Citrix XenServer Multiple Security Updates (CTX200288)
Summary: A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities could, if exploited, allow unprivileged code in an HVM guest to gain privileged execution within that guest and also allow privileged code within a PV or HVM guest to crash the host or other guests.
Description:
Summary:
A number of security vulnerabilities have been identified in Citrix XenServer.
These vulnerabilities could, if exploited, allow unprivileged code in an HVM guest to gain privileged execution
within that guest and also allow privileged code within a PV or HVM guest to crash the host or other guests.

Vulnerability Insight:
The following vulnerabilities have been addressed:

- CVE-2014-8595: Missing privilege level checks in x86 emulation of far branches

- CVE-2014-8866: Excessive checking in compatibility mode hypercall argument translation

- CVE-2014-8867: Insufficient bounding of `REP MOVS` to MMIO emulated inside the hypervisor

- CVE-2014-1666: PHYSDEVOP_{prepare, release}_msix exposed to unprivileged guests

Affected Software/OS:
These vulnerabilities affect all currently supported versions of Citrix XenServer
up to and including Citrix XenServer 6.2 Service Pack 1.

Solution:
Apply the hotfix referenced in the advisory.

CVSS Score:
8.3

CVSS Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-8595
BugTraq ID: 71151
http://www.securityfocus.com/bid/71151
Debian Security Information: DSA-3140
http://www.debian.org/security/2015/dsa-3140
https://security.gentoo.org/glsa/201504-04
http://secunia.com/advisories/62537
http://secunia.com/advisories/62672
SuSE Security Announcement: openSUSE-SU-2015:0226
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
SuSE Security Announcement: openSUSE-SU-2015:0256
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
XForce ISS Database: xen-cve20148595-priv-esc(98768)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98768
Common Vulnerability Exposure (CVE) ID: CVE-2014-8866
BugTraq ID: 71332
http://www.securityfocus.com/bid/71332
http://secunia.com/advisories/59937
Common Vulnerability Exposure (CVE) ID: CVE-2014-8867
BugTraq ID: 71331
http://www.securityfocus.com/bid/71331
RedHat Security Advisories: RHSA-2015:0783
http://rhn.redhat.com/errata/RHSA-2015-0783.html
http://secunia.com/advisories/59949
Common Vulnerability Exposure (CVE) ID: CVE-2014-1666
BugTraq ID: 65125
http://www.securityfocus.com/bid/65125
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127580.html
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch
http://www.openwall.com/lists/oss-security/2014/01/24/6
http://osvdb.org/102536
http://www.securitytracker.com/id/1029684
http://secunia.com/advisories/56650
SuSE Security Announcement: SUSE-SU-2014:0372
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
SuSE Security Announcement: SUSE-SU-2014:0373
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
XForce ISS Database: xen-cve20141666-priv-esc(90675)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90675
Copyright: Copyright (C) 2014 Greenbone AG
