SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Encryption/VPN)  >   Citrix NetScaler Vendors:   Citrix
(Citrix Issues Fix for NetScaler SDX) Xen PHYSDEVOP_map_pirq() Index Validation Flaw Lets Local Guest Operating Systems Cause Denial of Service Conditions on the Host Operating System
SecurityTracker Alert ID:  1027592
SecurityTracker URL:  http://securitytracker.com/id/1027592
CVE Reference:   CVE-2012-3498   (Links to External Site)
Date:  Oct 2 2012
Impact:   Denial of service via local system, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Xen. A local user on the guest operating system can cause denial of service conditions on the host operating system. Citrix NetScaler SDX is affected.

A local user on the guest operating system can exploit a flaw in PHYSDEVOP_map_pirq() to cause the target host operating system to crash.

A local user on the guest operating system may also be able to read hypervisor or guest operating system memory contents.

Systems running HVM guests are affected. Systems running PV guests are not affected.

Matthew Daley reported this vulnerability.

Impact:   A local user on the guest operating system can cause the target host operating system to crash.

A local user on the guest operating system may also be able to read hypervisor or guest operating system memory contents.

Solution:   Citrix has issued a fix for Citrix NetScaler SDX.

The Citrix advisory is available at:

http://support.citrix.com/article/CTX134876

Cause:   Input validation error

Message History:   This archive entry is a follow-up to the message listed below.
Sep 5 2012 Xen PHYSDEVOP_map_pirq() Index Validation Flaw Lets Local Guest Operating Systems Cause Denial of Service Conditions on the Host Operating System



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC