SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Citrix XenServer Vendors:   Citrix
(Citrix Issues Fix for Citrix XenServer) Xen Multiple Flaws Let Local Guest Users Deny Service or Obtain Information From Other Guest Systems
SecurityTracker Alert ID:  1031925
SecurityTracker URL:  http://securitytracker.com/id/1031925
CVE Reference:   CVE-2015-2044, CVE-2015-2045, CVE-2015-2151   (Links to External Site)
Date:  Mar 13 2015
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.0.0, 6.0.2, 6.1, 6.2 SP1, 6.5
Description:   Several vulnerabilities were reported in Xen. A local user on a guest system can access potentially sensitive information from the hypervisor. A local user on a guest system can cause the host system to crash. A local user with limited privileges on the guest system may be able to access an SDL or VNC backend on the target guest system. Citrix XenServer is affected.

Some internal x86 system device emulation routines in the hypervisor do not properly set data to be returned in response to a call from the guest and may contain hypervisor stack contents [CVE-2015-2044; See separate Alert ID 1031836].

The HYPERVISOR_xen_version hypercall does not properly initialize data structures to be returned in response to a call from the guest and may contain hypervisor stack contents [CVE-2015-2045; See separate Alert ID 1031837].

A local user on a guest domain can cause a PCI Express device to issue Unsupported Request (UR) responses, which may cause the host to crash [CVE-2015-2150; See separate Alert ID 1031902].

A local user on a guest system can exploit an x86 emulation flaw to trigger a pointer corruption and read potentially sensitive information about other guest systems or cause the host system to crash [CVE-2015-2151; See separate Alert ID 1031903].

A local user with limited privileges on the guest system can exploit an emulated VGA device flaw to access an SDL or VNC backend on the target guest system without permission [CVE-2015-2152; See separate Alert ID 1031919].

A local user on a guest domain can obtain potentially sensitive information from uninitialized portions of host kernel memory [CVE-2015-8553].

[Editor's note: In February 2015, the vendor pre-released advisories XSA-119 through XSA-123 under embargo. On March 5, 2015, the vendor publicly released advisories XSA-121 and XSA-122. On March 10, 2015, the vendor publicly released advisories XSA-120 and XSA-123. On March 12, 2015, the vendor publicly released advisory XSA-119.]

Impact:   A local user on a guest system can access potentially sensitive information from the hypervisor, including information from other guests.

A local user on a guest system can cause the host system to crash.

A local user with limited privileges on the guest system may be able to access an SDL or VNC backend on the target guest system without permission.

Solution:   Citrix has issued a fix for CVE-2015-2044, CVE-2015-2045, and CVE-2015-2151 for Citrix XenServer.

For 6.5: CTX142147
For 6.2 SP1: CTX142146
For 6.1: CTX142145
For 6.0.2: CTX142143
For 6.0.2 Common Criteria evaluated configuration: CTX142144
For 6.0.0: CTX142142

The Citrix advisory is available at:

http://support.citrix.com/article/CTX200484

Vendor URL:  www.xen.org/ (Links to External Site)
Cause:   Access control error, Not specified

Message History:   This archive entry is a follow-up to the message listed below.
Feb 27 2015 Xen Multiple Flaws Let Local Guest Users Deny Service or Obtain Information From Other Guest Systems



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC