The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Xen: denial of service via the paging management

Synthesis of the vulnerability 

An attacker can raise a fatal exception in the page table management of Xen, in order to trigger a denial of service.
Vulnerable systems: XenDesktop, XenServer, Debian, Fedora, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity of this threat: 1/4.
Creation date: 27/06/2013.
References of this weakness: BID-60799, CERTA-2013-AVI-394, CERTA-2013-AVI-496, CTX138134, CTX138633, CVE-2013-1432, DSA-3006-1, FEDORA-2013-11837, FEDORA-2013-11871, FEDORA-2013-11874, openSUSE-SU-2013:1392-1, openSUSE-SU-2013:1404-1, SUSE-SU-2014:0446-1, VIGILANCE-VUL-13010, XSA-58.

Description of the vulnerability 

In a Xen based system, memory page frames are managed both by Xen and by the guest systems.

Xen frees page frames when no guest system uses them anymore. However, the fix for the vulnerability described in VIGILANCE-VUL-12747 introduced an error in the reference counter handling. A malicious guest system can then make Xen free a page prematurely, which leads to an exception in Xen at the first access after the free, and then to a halt of the host system.

An attacker can therefore raise a fatal exception in the page table management of Xen, in order to trigger a denial of service.
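The reference-counting mistake described above, as an added model constructed for this bulletin (not Xen's code, and not the actual XSA-58 change): an error path that releases a reference the failing path never acquired, so a request whose validation fails under guest control frees a frame the hypervisor still holds. The balanced version is shown beside it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified model of a page frame with one reference count. */
struct page_frame {
    uint32_t count;   /* references held by the hypervisor and guests */
    bool freed;       /* set once the frame is returned to the free pool */
};

static void free_page(struct page_frame *pg) { pg->freed = true; }
static void get_page(struct page_frame *pg)  { pg->count++; }
static void put_page(struct page_frame *pg)  { if (--pg->count == 0) free_page(pg); }

/* Buggy request handler: the unwind path drops a reference before any was taken.
 * `valid` models a validation step whose outcome a guest can influence. */
static int map_page_buggy(struct page_frame *pg, bool valid)
{
    if (!valid) {
        put_page(pg);   /* BUG: releases a reference this path never acquired */
        return -1;
    }
    get_page(pg);       /* reference is only taken on the success path */
    return 0;
}

/* Balanced handler: nothing acquired on failure, so nothing is released. */
static int map_page_fixed(struct page_frame *pg, bool valid)
{
    if (!valid)
        return -1;
    get_page(pg);
    return 0;
}

/* Returns true if a failing request freed the frame although the hypervisor
 * still holds its own reference (the premature free the bulletin describes). */
static bool failed_request_frees_frame(bool use_fixed)
{
    struct page_frame pg = { .count = 1, .freed = false };  /* hypervisor's reference */
    int (*map)(struct page_frame *, bool) = use_fixed ? map_page_fixed : map_page_buggy;
    map(&pg, false);    /* guest submits a request that fails validation */
    return pg.freed;
}

int main(void)
{
    printf("buggy handler frees live frame: %d\n", failed_request_frees_frame(false));
    printf("fixed handler frees live frame: %d\n", failed_request_frees_frame(true));
    return 0;
}
```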

This security threat impacts software or systems such as XenDesktop, XenServer, Debian, Fedora, openSUSE, SLES, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer weakness note is low.

The trust level is confirmed by the vendor, and the attack origin is the user console.

An attacker with expert ability can exploit this computer threat alert.

Solutions for this threat 

Xen: version 4.2.3.
The version 4.2.3 is fixed:
  http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2
  http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-423.html

Xen: version 4.1.6.1.
The version 4.1.6.1 is fixed:
  http://www.xenproject.org/downloads/xen-archives/supported-xen-41-series/xen-4161.html
  http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.1

Xen 4: patch for XSA-58.
Two patches are available in the information sources, one for Xen 4.1 and a second one for Xen 4.2.

Citrix XenClient XT: versions 2.1.3 and 3.1.4.
Versions 2.1.3 and 3.1.4 are fixed:
  http://www.citrix.com/downloads/xenclient/product-software/xenclient-xt-213.html
  http://www.citrix.com/downloads/xenclient/product-software/xenclient-xt-314.html

Citrix XenServer: patch for paging management.
A patch is available:
  Citrix XenServer 6.2.0 : http://support.citrix.com/article/CTX138349
  Citrix XenServer 6.1 : http://support.citrix.com/article/CTX138348
  Citrix XenServer 6.0.2 : http://support.citrix.com/article/CTX138347
  Citrix XenServer 6.0.0 : http://support.citrix.com/article/CTX138346
Other links for version 5 are provided in the Citrix announcement.

Debian: new xen packages.
New packages are available:
  Debian 7: xen 4.1.4-3+deb7u2

Fedora 19: new xen packages.
New packages are available:
  xen-4.2.2-10.fc19

Fedora: new xen packages.
New packages are available:
  Fedora 18 : xen-4.2.2-10.fc18
  Fedora 17 : xen-4.1.5-9.fc17

openSUSE 12.2: new xen packages.
New packages are available:
  xen-4.1.5_04-5.29.1

openSUSE 12.3: new xen packages.
New packages are available:
  xen-4.2.2_06-1.16.1

SUSE LE 11 SP1: new xen packages.
New packages are available:
  SUSE LE 11: xen 4.0.3_21548_16-0.5.1

Computer vulnerabilities tracking service 

Vigil@nce provides an application vulnerability announcement service. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.