
Test ID: 1.3.6.1.4.1.25623.1.0.106915
Category: Citrix Xenserver Local Security Checks
Title: Citrix XenServer Multiple Security Updates (CTX224740)
Summary: A number of security issues have been identified within Citrix XenServer.
Description:
Summary:
A number of security issues have been identified within Citrix XenServer.

Vulnerability Insight:
The following vulnerabilities have been addressed:

- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.

- CVE-2017-10918 (High): Stale P2M mappings due to insufficient error checking.

- CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.

- CVE-2017-10913, CVE-2017-10914 (Medium): Races in the grant table unmap code.

- CVE-2017-10915 (Medium): x86: insufficient reference counts during shadow emulation.

- CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.

- CVE-2017-10911 (Low): blkif responses leak backend stack data.

Vulnerability Impact:
These issues could, if exploited, allow a malicious administrator of a guest VM
to compromise the host.

Affected Software/OS:
XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.

Solution:
Apply the hotfix referenced in the advisory.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-10911
BugTraq ID: 99162
http://www.securityfocus.com/bid/99162
Debian Security Information: DSA-3920
http://www.debian.org/security/2017/dsa-3920
Debian Security Information: DSA-3927
http://www.debian.org/security/2017/dsa-3927
Debian Security Information: DSA-3945
http://www.debian.org/security/2017/dsa-3945
https://security.gentoo.org/glsa/201708-03
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://www.securitytracker.com/id/1038720
Common Vulnerability Exposure (CVE) ID: CVE-2017-10912
BugTraq ID: 99158
http://www.securityfocus.com/bid/99158
Debian Security Information: DSA-3969
http://www.debian.org/security/2017/dsa-3969
https://security.gentoo.org/glsa/201710-17
http://www.securitytracker.com/id/1038721
Common Vulnerability Exposure (CVE) ID: CVE-2017-10913
BugTraq ID: 99411
http://www.securityfocus.com/bid/99411
http://www.securitytracker.com/id/1038722
Common Vulnerability Exposure (CVE) ID: CVE-2017-10914
Common Vulnerability Exposure (CVE) ID: CVE-2017-10915
BugTraq ID: 99174
http://www.securityfocus.com/bid/99174
Common Vulnerability Exposure (CVE) ID: CVE-2017-10917
BugTraq ID: 99157
http://www.securityfocus.com/bid/99157
http://www.securitytracker.com/id/1038731
Common Vulnerability Exposure (CVE) ID: CVE-2017-10918
BugTraq ID: 99161
http://www.securityfocus.com/bid/99161
http://www.securitytracker.com/id/1038732
Common Vulnerability Exposure (CVE) ID: CVE-2017-10920
http://www.securitytracker.com/id/1038734
Common Vulnerability Exposure (CVE) ID: CVE-2017-10921
Common Vulnerability Exposure (CVE) ID: CVE-2017-10922
Copyright: Copyright (C) 2017 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.