SecurityTracker.com
Category:   Application (Generic)  >   Citrix XenServer
Vendors:   Citrix
(Citrix Issues Fix for XenServer) Xen Timer Overflow Lets Local Guest Administrative Users Deny Service on the Host System
SecurityTracker Alert ID:  1027764
SecurityTracker URL:  http://securitytracker.com/id/1027764
CVE Reference:   CVE-2012-4535
Date:  Nov 14 2012
Impact:   Denial of service via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): XenServer 5.0 Update 3, 5.5, 5.6, 5.6 Common Criteria, 5.6 FP 1, 5.6 SP 2, 6.0, 6.0.2, 6.0.2 Common Criteria, 6.1.0
Description:   A vulnerability was reported in Xen. A local administrative user on the guest operating system can cause denial of service conditions on the target host system. Citrix XenServer is affected.

A local user with administrative privileges on the guest operating system can set a specially crafted VCPU timer value to cause the target system's physical CPU to enter an infinite loop.

On systems where the Xen watchdog is enabled, the target system will crash.

Impact:   A local guest administrative user can cause the target host system to hang.
Solution:   Citrix has issued a fix for Citrix XenServer.

The Citrix advisory is available at:

http://support.citrix.com/article/CTX135458

Vendor URL:  xen.org/
Cause:   State error

Message History:   This archive entry is a follow-up to the message listed below.
Nov 14 2012 Xen Timer Overflow Lets Local Guest Administrative Users Deny Service on the Host System
Copyright 2020, SecurityGlobal.net LLC