Búsqueda de    
Vulnerabilidad   
    Buscar 191973 Descripciones CVE y
86218 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.105147
Categoría:Citrix Xenserver Local Security Checks
Título:Citrix XenServer Multiple Security Updates (CTX200288)
Resumen:A number of security vulnerabilities have been identified in Citrix XenServer.; These vulnerabilities could, if exploited, allow unprivileged code in an HVM guest to gain privileged execution; within that guest and also allow privileged code within a PV or HVM guest to crash the host or other guests.
Descripción:Summary:
A number of security vulnerabilities have been identified in Citrix XenServer.
These vulnerabilities could, if exploited, allow unprivileged code in an HVM guest to gain privileged execution
within that guest and also allow privileged code within a PV or HVM guest to crash the host or other guests.

Vulnerability Insight:
The following vulnerabilities have been addressed:

- CVE-2014-8595: Missing privilege level checks in x86 emulation of far branches

- CVE-2014-8866: Excessive checking in compatibility mode hypercall argument translation

- CVE-2014-8867: Insufficient bounding of `REP MOVS` to MMIO emulated inside the hypervisor

- CVE-2014-1666: PHYSDEVOP_{prepare, release}_msix exposed to unprivileged guests

Affected Software/OS:
These vulnerabilities affect all currently supported versions of Citrix XenServer
up to and including Citrix XenServer 6.2 Service Pack 1.

Solution:
Apply the hotfix referenced in the advisory.

CVSS Score:
8.3

CVSS Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8595
BugTraq ID: 71151
http://www.securityfocus.com/bid/71151
Debian Security Information: DSA-3140 (Google Search)
http://www.debian.org/security/2015/dsa-3140
https://security.gentoo.org/glsa/201504-04
http://secunia.com/advisories/62537
http://secunia.com/advisories/62672
SuSE Security Announcement: openSUSE-SU-2015:0226 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
SuSE Security Announcement: openSUSE-SU-2015:0256 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
XForce ISS Database: xen-cve20148595-priv-esc(98768)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98768
Common Vulnerability Exposure (CVE) ID: CVE-2014-8866
BugTraq ID: 71332
http://www.securityfocus.com/bid/71332
http://secunia.com/advisories/59937
Common Vulnerability Exposure (CVE) ID: CVE-2014-8867
BugTraq ID: 71331
http://www.securityfocus.com/bid/71331
RedHat Security Advisories: RHSA-2015:0783
http://rhn.redhat.com/errata/RHSA-2015-0783.html
http://secunia.com/advisories/59949
Common Vulnerability Exposure (CVE) ID: CVE-2014-1666
BugTraq ID: 65125
http://www.securityfocus.com/bid/65125
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127580.html
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch
http://www.openwall.com/lists/oss-security/2014/01/24/6
http://osvdb.org/102536
http://www.securitytracker.com/id/1029684
http://secunia.com/advisories/56650
SuSE Security Announcement: SUSE-SU-2014:0372 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
SuSE Security Announcement: SUSE-SU-2014:0373 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
XForce ISS Database: xen-cve20141666-priv-esc(90675)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90675
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.