The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Citrix XenServer

vulnerability 24800

Citrix XenServer: denial of service

Synthesis of the vulnerability

An attacker inside a guest system can trigger a fatal error in Citrix XenServer, causing a denial of service on the host system.
Impacted products: XenServer.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: privileged shell.
Creation date: 18/12/2017.
Identifiers: CERTFR-2017-AVI-476, CTX230624, VIGILANCE-VUL-24800.


vulnerability CVE-2017-17565

Xen: denial of service via X86 Log-dirty

Synthesis of the vulnerability

An attacker inside a guest system can trigger a fatal error via X86 Log-dirty in Xen, causing a denial of service on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 12/12/2017.
Identifiers: CERTFR-2017-AVI-460, CERTFR-2018-AVI-171, CTX232096, CVE-2017-17565, DLA-1230-1, DLA-1549-1, DSA-4112-1, FEDORA-2017-16a414b3c5, FEDORA-2017-5945560816, openSUSE-SU-2018:0459-1, SUSE-SU-2018:0438-1, SUSE-SU-2018:0472-1, SUSE-SU-2018:0601-1, SUSE-SU-2018:0609-1, SUSE-SU-2018:0638-1, SUSE-SU-2018:0678-1, VIGILANCE-VUL-24740, XSA-251.


computer vulnerability note CVE-2017-17564

Xen: privilege escalation via X86 Shadow Mode Refcount Error

Synthesis of the vulnerability

An attacker inside a guest system can bypass restrictions via an X86 Shadow Mode Refcount Error in Xen, in order to escalate their privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/12/2017.
Identifiers: CERTFR-2017-AVI-460, CERTFR-2018-AVI-171, CTX232096, CVE-2017-17564, DLA-1230-1, DLA-1549-1, DSA-4112-1, FEDORA-2017-16a414b3c5, FEDORA-2017-5945560816, openSUSE-SU-2018:0459-1, SUSE-SU-2018:0438-1, SUSE-SU-2018:0472-1, SUSE-SU-2018:0601-1, SUSE-SU-2018:0609-1, SUSE-SU-2018:0638-1, SUSE-SU-2018:0678-1, VIGILANCE-VUL-24739, XSA-250.


computer vulnerability bulletin CVE-2017-17563

Xen: privilege escalation via X86 Shadow Mode Refcount

Synthesis of the vulnerability

An attacker inside a guest system can bypass restrictions via X86 Shadow Mode Refcount in Xen, in order to escalate their privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/12/2017.
Identifiers: CERTFR-2017-AVI-460, CERTFR-2018-AVI-171, CTX232096, CVE-2017-17563, DLA-1230-1, DLA-1549-1, DSA-4112-1, FEDORA-2017-16a414b3c5, FEDORA-2017-5945560816, openSUSE-SU-2018:0459-1, SUSE-SU-2018:0438-1, SUSE-SU-2018:0472-1, SUSE-SU-2018:0601-1, SUSE-SU-2018:0609-1, SUSE-SU-2018:0638-1, SUSE-SU-2018:0678-1, VIGILANCE-VUL-24738, XSA-249.


computer vulnerability announcement CVE-2017-17566

Xen: privilege escalation via X86 PV Guests

Synthesis of the vulnerability

An attacker inside a guest system can bypass restrictions via X86 PV Guests in Xen, in order to escalate their privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/12/2017.
Identifiers: CERTFR-2017-AVI-460, CERTFR-2018-AVI-171, CTX232096, CVE-2017-17566, DLA-1230-1, DLA-1549-1, DSA-4112-1, FEDORA-2017-16a414b3c5, FEDORA-2017-5945560816, openSUSE-SU-2018:0459-1, SUSE-SU-2018:0438-1, SUSE-SU-2018:0472-1, SUSE-SU-2018:0601-1, SUSE-SU-2018:0609-1, SUSE-SU-2018:0638-1, SUSE-SU-2018:0678-1, VIGILANCE-VUL-24737, XSA-248.


computer vulnerability CVE-2017-17045

Xen: privilege escalation via PoD Error Checking

Synthesis of the vulnerability

An attacker can bypass restrictions via PoD Error Checking in Xen, in order to escalate their privileges.
Impacted products: XenServer, Debian, Fedora, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 28/11/2017.
Identifiers: CERTFR-2017-AVI-433, CERTFR-2017-AVI-444, CTX230138, CVE-2017-17045, DLA-1230-1, DLA-1559-1, FEDORA-2017-16a414b3c5, FEDORA-2017-4bfcd57172, VIGILANCE-VUL-24555, XSA-247.


vulnerability note CVE-2017-17044

Xen: infinite loop via PoD Error Checking

Synthesis of the vulnerability

An attacker can trigger an infinite loop via PoD Error Checking in Xen, causing a denial of service.
Impacted products: XenServer, Debian, Fedora, Xen.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 28/11/2017.
Identifiers: CERTFR-2017-AVI-433, CERTFR-2017-AVI-444, CTX230138, CVE-2017-17044, DLA-1230-1, DLA-1559-1, FEDORA-2017-16a414b3c5, FEDORA-2017-4bfcd57172, VIGILANCE-VUL-24554, XSA-246.


computer vulnerability alert CVE-2017-15597

Xen: privilege escalation via Grant Table

Synthesis of the vulnerability

An attacker inside a guest system can bypass restrictions via the Grant Table in Xen, in order to escalate their privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Creation date: 24/10/2017.
Identifiers: CERTFR-2017-AVI-377, CERTFR-2017-AVI-378, CTX229057, CVE-2017-15597, DLA-1549-1, DSA-4050-1, FEDORA-2017-009bc68243, FEDORA-2017-c4aa57d753, openSUSE-SU-2017:3193-1, openSUSE-SU-2017:3194-1, SUSE-SU-2017:3115-1, SUSE-SU-2017:3178-1, SUSE-SU-2017:3212-1, SUSE-SU-2017:3236-1, SUSE-SU-2017:3239-1, SUSE-SU-2017:3242-1, VIGILANCE-VUL-24226, XSA-236.


computer vulnerability CVE-2017-15594

Xen: privilege escalation via CPU Hotplug IST Settings

Synthesis of the vulnerability

An attacker inside a guest system can bypass restrictions via CPU Hotplug IST Settings in Xen, in order to escalate their privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/10/2017.
Identifiers: CERTFR-2017-AVI-351, CTX228867, CVE-2017-15594, DLA-1559-1, DSA-4050-1, FEDORA-2017-5bcddc1984, FEDORA-2017-d4709b0d8b, openSUSE-SU-2017:2821-1, openSUSE-SU-2017:2916-1, SUSE-SU-2017:2812-1, SUSE-SU-2017:2815-1, SUSE-SU-2017:2856-1, SUSE-SU-2017:2864-1, SUSE-SU-2017:2873-1, VIGILANCE-VUL-24125, XSA-244.


vulnerability note CVE-2017-15592

Xen: privilege escalation via Self-linear Shadow Mappings

Synthesis of the vulnerability

An attacker inside a guest system can bypass restrictions via Self-linear Shadow Mappings in Xen, in order to escalate their privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/10/2017.
Identifiers: CERTFR-2017-AVI-351, CERTFR-2017-AVI-444, CTX228867, CTX230138, CVE-2017-15592, DLA-1181-1, DLA-1559-1, DSA-4050-1, FEDORA-2017-2500a024ef, FEDORA-2017-5bcddc1984, FEDORA-2017-c31799ee4a, FEDORA-2017-d4709b0d8b, FEDORA-2017-f2577f2108, openSUSE-SU-2017:2821-1, openSUSE-SU-2017:2916-1, SUSE-SU-2017:2812-1, SUSE-SU-2017:2815-1, SUSE-SU-2017:2856-1, SUSE-SU-2017:2864-1, SUSE-SU-2017:2873-1, SUSE-SU-2017:3212-1, SUSE-SU-2017:3236-1, SUSE-SU-2017:3239-1, SUSE-SU-2017:3242-1, VIGILANCE-VUL-24124, XSA-243.
