
Test ID: 1.3.6.1.4.1.25623.1.0.140127
Category: Citrix Xenserver Local Security Checks
Title: Citrix XenServer Multiple Security Updates (CTX220112)
Summary: Several security issues have been identified within Citrix XenServer.
Description: Summary:
Several security issues have been identified within Citrix XenServer.

Vulnerability Insight:
The following vulnerabilities have been addressed:

- CVE-2017-5572 (Low): Authenticated read-only administrator can corrupt host database

- CVE-2017-5573 (Low): Authenticated read-only administrator can cancel tasks of other administrators

- CVE-2015-5300, CVE-2015-7704, CVE-2015-7705 (Low): NTP updates.

Customers who have not enabled NTP are unaffected by the NTP issues.

Customers who have not enabled RBAC are unaffected by the RBAC issues.

Customers using Citrix XenServer 6.0.2 in the Common Criteria configuration are unaffected by the RBAC issues.

Vulnerability Impact:
These issues could, if exploited, allow an authenticated administrator to
perform a denial-of-service attack against the host, even when that administrator has a less-privileged RBAC role
(e.g. read-only). In addition, the issues could permit an attacker with the ability to influence NTP traffic on
the management network to disrupt time synchronization on the host until the next reboot.

Affected Software/OS:
XenServer 7.0

XenServer 6.5

XenServer 6.2.0

XenServer 6.0.2

Solution:
Apply the hotfix referenced in the advisory.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2017-5572
BugTraq ID: 95801
http://www.securityfocus.com/bid/95801
http://www.securitytracker.com/id/1037716
Common Vulnerability Exposure (CVE) ID: CVE-2017-5573
BugTraq ID: 95796
http://www.securityfocus.com/bid/95796
Common Vulnerability Exposure (CVE) ID: CVE-2015-5300
BugTraq ID: 77312
http://www.securityfocus.com/bid/77312
Debian Security Information: DSA-3388
http://www.debian.org/security/2015/dsa-3388
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
FreeBSD Security Advisory: FreeBSD-SA-16:02
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc
https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01
https://www.cs.bu.edu/~goldbe/NTPattack.html
http://seclists.org/bugtraq/2016/Feb/164
RedHat Security Advisories: RHSA-2015:1930
http://rhn.redhat.com/errata/RHSA-2015-1930.html
http://www.securitytracker.com/id/1034670
SuSE Security Announcement: SUSE-SU:2016:1175
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
SuSE Security Announcement: SUSE-SU:2016:1177
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
SuSE Security Announcement: SUSE-SU:2016:1247
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
SuSE Security Announcement: SUSE-SU:2016:1311
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
SuSE Security Announcement: SUSE-SU:2016:1912
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
SuSE Security Announcement: SUSE-SU:2016:2094
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
SuSE Security Announcement: openSUSE-SU:2016:1292
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
SuSE Security Announcement: openSUSE-SU:2016:1423
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://www.ubuntu.com/usn/USN-2783-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-7704
BugTraq ID: 77280
http://www.securityfocus.com/bid/77280
CERT/CC vulnerability note: VU#718152
https://www.kb.cert.org/vuls/id/718152
https://security.gentoo.org/glsa/201607-15
https://eprint.iacr.org/2015/1020.pdf
RedHat Security Advisories: RHSA-2015:2520
http://rhn.redhat.com/errata/RHSA-2015-2520.html
http://www.securitytracker.com/id/1033951
Common Vulnerability Exposure (CVE) ID: CVE-2015-7705
BugTraq ID: 77284
http://www.securityfocus.com/bid/77284
Copyright: Copyright (C) 2017 Greenbone Networks GmbH





© 1998-2020 E-Soft Inc. All rights reserved.