 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.703729 |
| Kategorie: | Debian Local Security Checks |
| Titel: | Debian Security Advisory DSA 3729-1 (xen - security update) |
| Zusammenfassung: | Multiple vulnerabilities have been;discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project;identifies the following problems:;;CVE-2016-7777 (XSA-190);;Jan Beulich from SUSE discovered that Xen does not properly honor;CR0.TS and CR0.EM for x86 HVM guests, potentially allowing guest;users to read or modify FPU, MMX, or XMM register state information;belonging to arbitrary tasks on the guest by modifying an;instruction while the hypervisor is preparing to emulate it.;;CVE-2016-9379,;CVE-2016-9380 (XSA-198);;Daniel Richman and Gabor Szarka of the Cambridge University;Student-Run Computing Facility discovered that pygrub, the boot;loader emulator, fails to quote (or sanity check) its results when;reporting them to its caller. A malicious guest administrator can;take advantage of this flaw to cause an information leak or denial;of service.;;CVE-2016-9382 (XSA-192);;Jan Beulich of SUSE discovered that Xen does not properly handle x86;task switches to VM86 mode. A unprivileged guest process can take;advantage of this flaw to crash the guest or, escalate its;privileges to that of the guest operating system.;;CVE-2016-9383 (XSA-195);;George Dunlap of Citrix discovered that the Xen x86 64-bit bit test;instruction emulation is broken. A malicious guest can take;advantage of this flaw to modify arbitrary memory, allowing for;arbitrary code execution, denial of service (host crash), or;information leaks.;;CVE-2016-9385 (XSA-193);;Andrew Cooper of Citrix discovered that Xen's x86 segment base write;emulation lacks canonical address checks. A malicious guest;administrator can take advantage of this flaw to crash the host,;leading to a denial of service.;;CVE-2016-9386 (XSA-191);;Andrew Cooper of Citrix discovered that x86 null segments are not;always treated as unusable. An unprivileged guest user program;may be able to elevate its privilege to that of the guest;operating system. |
| Beschreibung: | Summary: Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-7777 (XSA-190) Jan Beulich from SUSE discovered that Xen does not properly honor CR0.TS and CR0.EM for x86 HVM guests, potentially allowing guest users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. CVE-2016-9379, CVE-2016-9380 (XSA-198) Daniel Richman and Gabor Szarka of the Cambridge University Student-Run Computing Facility discovered that pygrub, the boot loader emulator, fails to quote (or sanity check) its results when reporting them to its caller. A malicious guest administrator can take advantage of this flaw to cause an information leak or denial of service. CVE-2016-9382 (XSA-192) Jan Beulich of SUSE discovered that Xen does not properly handle x86 task switches to VM86 mode. A unprivileged guest process can take advantage of this flaw to crash the guest or, escalate its privileges to that of the guest operating system. CVE-2016-9383 (XSA-195) George Dunlap of Citrix discovered that the Xen x86 64-bit bit test instruction emulation is broken. A malicious guest can take advantage of this flaw to modify arbitrary memory, allowing for arbitrary code execution, denial of service (host crash), or information leaks. CVE-2016-9385 (XSA-193) Andrew Cooper of Citrix discovered that Xen's x86 segment base write emulation lacks canonical address checks. A malicious guest administrator can take advantage of this flaw to crash the host, leading to a denial of service. CVE-2016-9386 (XSA-191) Andrew Cooper of Citrix discovered that x86 null segments are not always treated as unusable. An unprivileged guest user program may be able to elevate its privilege to that of the guest operating system. Affected Software/OS: xen on Debian Linux Solution: For the stable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u8. We recommend that you upgrade your xen packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-7777 BugTraq ID: 93344 http://www.securityfocus.com/bid/93344 https://security.gentoo.org/glsa/201611-09 http://www.securitytracker.com/id/1036942 Common Vulnerability Exposure (CVE) ID: CVE-2016-9379 BugTraq ID: 94473 http://www.securityfocus.com/bid/94473 https://security.gentoo.org/glsa/201612-56 http://www.securitytracker.com/id/1037347 Common Vulnerability Exposure (CVE) ID: CVE-2016-9380 Common Vulnerability Exposure (CVE) ID: CVE-2016-9382 BugTraq ID: 94470 http://www.securityfocus.com/bid/94470 http://www.securitytracker.com/id/1037341 Common Vulnerability Exposure (CVE) ID: CVE-2016-9383 BugTraq ID: 94474 http://www.securityfocus.com/bid/94474 http://www.securitytracker.com/id/1037346 Common Vulnerability Exposure (CVE) ID: CVE-2016-9385 BugTraq ID: 94472 http://www.securityfocus.com/bid/94472 http://www.securitytracker.com/id/1037342 Common Vulnerability Exposure (CVE) ID: CVE-2016-9386 BugTraq ID: 94471 http://www.securityfocus.com/bid/94471 http://www.securitytracker.com/id/1037340 |
| Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |