Test ID: | 1.3.6.1.4.1.25623.1.0.105336 |
Category: | Citrix Xenserver Local Security Checks |
Title: | Vulnerability in Citrix XenServer Could Result in Information Disclosure (CTX201717) |
Summary: | A vulnerability has been identified in Citrix XenServer which could, if exploited, allow a malicious administrator of an HVM guest VM to obtain meta-data about their own VM. Citrix is presently unaware of any meta-data that might be leaked that would be of value to a malicious guest administrator. In non-default configurations, where the RTL8139 guest network device has been configured to enable offload and the Citrix PV guest drivers are not active, it may also be possible for a remote attacker to obtain information from the HVM guest. |
Description: | Summary: A vulnerability has been identified in Citrix XenServer which could, if exploited, allow a malicious administrator of an HVM guest VM to obtain meta-data about their own VM. Citrix is presently unaware of any meta-data that might be leaked that would be of value to a malicious guest administrator. In non-default configurations, where the RTL8139 guest network device has been configured to enable offload and the Citrix PV guest drivers are not active, it may also be possible for a remote attacker to obtain information from the HVM guest.
Affected Software/OS: This issue affects all supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1.
Solution: Apply the hotfix referenced in the advisory.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5165
1033176 http://www.securitytracker.com/id/1033176
76153 http://www.securityfocus.com/bid/76153
DSA-3348 http://www.debian.org/security/2015/dsa-3348
DSA-3349 http://www.debian.org/security/2015/dsa-3349
FEDORA-2015-14361 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html
FEDORA-2015-15944 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
FEDORA-2015-15946 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
RHSA-2015:1674 http://rhn.redhat.com/errata/RHSA-2015-1674.html
RHSA-2015:1683 http://rhn.redhat.com/errata/RHSA-2015-1683.html
RHSA-2015:1739 http://rhn.redhat.com/errata/RHSA-2015-1739.html
RHSA-2015:1740 http://rhn.redhat.com/errata/RHSA-2015-1740.html
RHSA-2015:1793 http://rhn.redhat.com/errata/RHSA-2015-1793.html
RHSA-2015:1833 http://rhn.redhat.com/errata/RHSA-2015-1833.html
SUSE-SU-2015:1421 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
SUSE-SU-2015:1643 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
http://support.citrix.com/article/CTX201717
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://xenbits.xen.org/xsa/advisory-140.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 |
Copyright | Copyright (C) 2015 Greenbone AG |