SecurityTracker.com
Category:   Application (Generic)  >   Citrix XenServer
Vendors:   Citrix
(Citrix Issues Fix for Citrix XenServer) Xen Lets Local Users on a Guest System Obtain Register Contents from the Target Guest System
SecurityTracker Alert ID:  1035643
SecurityTracker URL:  http://securitytracker.com/id/1035643
CVE Reference:   CVE-2016-3158, CVE-2016-3159
Date:  Apr 21 2016
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6.0, 6.0.2, 6.1, 6.2 SP1, 6.5 SP1
Description:   Two vulnerabilities were reported in Xen. A local user on the guest system can obtain potentially sensitive register contents from the guest system. Citrix XenServer is affected.

A local user on a guest system can obtain potentially sensitive information from registers containing FPU instructions, data pointers, and opcodes for another guest system.

This can be exploited to determine address space usage and timing information about the target domain.

AMD x86 systems are affected.

Both PV and HVM guests are affected.

Jan Beulich of SUSE reported this vulnerability.

Impact:   A local user on the guest system can obtain potentially sensitive register contents from another guest system.
Solution:   Citrix has issued a hotfix for CVE-2016-3158 and CVE-2016-3159 for Citrix XenServer.

6.5 SP1: CTX209498
6.2 SP1: CTX209497
6.1: CTX209496
6.0.2: CTX209494
6.0.2 Common Criteria: CTX209495
6.0: CTX209493

The Citrix advisory is available at:

http://support.citrix.com/article/CTX209443

Vendor URL:  support.citrix.com/article/CTX209443
Cause:   Access control error

Message History:   This archive entry is a follow-up to the message listed below.
Mar 29 2016 Xen Lets Local Users on a Guest System Obtain Register Contents from the Target Guest System



Copyright 2020, SecurityGlobal.net LLC