
Test ID: 1.3.6.1.4.1.25623.1.0.105336
Category: Citrix Xenserver Local Security Checks
Title: Vulnerability in Citrix XenServer Could Result in Information Disclosure (CTX201717)
Description:
Summary:
A vulnerability has been identified in Citrix XenServer which could,
if exploited, allow a malicious administrator of an HVM guest VM to obtain meta-data about their own VM.
Citrix is presently unaware of any meta-data that might be leaked that would be of value to a malicious
guest administrator.

In non-default configurations, where the RTL8139 guest network device has been configured to enable offload
and the Citrix PV guest drivers are not active, it may also be possible for a remote attacker to obtain
information from the HVM guest.

Affected Software/OS:
This issue affects all supported versions of Citrix XenServer up to and
including Citrix XenServer 6.5 Service Pack 1.

Solution:
Apply the hotfix referenced in the advisory.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2015-5165
BugTraq ID: 76153
http://www.securityfocus.com/bid/76153
Debian Security Information: DSA-3348
http://www.debian.org/security/2015/dsa-3348
Debian Security Information: DSA-3349
http://www.debian.org/security/2015/dsa-3349
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
RedHat Security Advisories: RHSA-2015:1674
http://rhn.redhat.com/errata/RHSA-2015-1674.html
RedHat Security Advisories: RHSA-2015:1683
http://rhn.redhat.com/errata/RHSA-2015-1683.html
RedHat Security Advisories: RHSA-2015:1739
http://rhn.redhat.com/errata/RHSA-2015-1739.html
RedHat Security Advisories: RHSA-2015:1740
http://rhn.redhat.com/errata/RHSA-2015-1740.html
RedHat Security Advisories: RHSA-2015:1793
http://rhn.redhat.com/errata/RHSA-2015-1793.html
RedHat Security Advisories: RHSA-2015:1833
http://rhn.redhat.com/errata/RHSA-2015-1833.html
http://www.securitytracker.com/id/1033176
SuSE Security Announcement: SUSE-SU-2015:1421
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
SuSE Security Announcement: SUSE-SU-2015:1643
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
Copyright: Copyright (C) 2015 Greenbone Networks GmbH





© 1998-2020 E-Soft Inc. All rights reserved.