Lucene search
This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.CITRIX_XENSERVER_CTX234679.NASLHistoryMay 11, 2018 - 12:00 a.m.
Citrix XenServer Multiple Vulnerabilities (CTX234679)
2018-05-1100:00:00
This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
159
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.974 High
EPSS
Percentile
99.9%
The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(109725);
script_version("1.7");
script_cvs_date("Date: 2018/07/16 12:48:31");
script_cve_id(
"CVE-2017-5754",
"CVE-2018-8897",
"CVE-2018-10982"
);
script_bugtraq_id(
102378,
104071
);
script_xref(name:"IAVA", value:"2018-A-0019");
script_name(english:"Citrix XenServer Multiple Vulnerabilities (CTX234679)");
script_summary(english:"Checks for patches.");
script_set_attribute(attribute:"synopsis", value:
"A server virtualization platform installed on the remote host is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Citrix XenServer running on the remote host is missing
a security hotfix. It is, therefore, affected by multiple
vulnerabilities."
);
script_set_attribute(attribute:"see_also", value:"https://support.citrix.com/article/CTX234679");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate hotfix according to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date",value:"2018/05/08");
script_set_attribute(attribute:"patch_publication_date",value:"2018/05/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/11");
script_set_attribute(attribute:"plugin_type",value:"local");
script_set_attribute(attribute:"cpe",value:"cpe:/a:citrix:xenserver");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("citrix_xenserver_version.nbin");
script_require_keys("Host/XenServer/version", "Host/local_checks_enabled", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
app_name = "Citrix XenServer";
version = get_kb_item_or_exit("Host/XenServer/version");
get_kb_item_or_exit("Host/local_checks_enabled");
patches = get_kb_item("Host/XenServer/patches");
vuln = FALSE;
fix = '';
pending = "Refer to vendor for patch/mitigation options";
if (version == "6.0.2")
{
fix = "XS602ECC052"; # CTX234433
if (fix >!< patches) vuln = TRUE;
}
else if (version =~ "^6\.2")
{
fix = "XS62ESP1068"; # CTX234434
if (fix >!< patches) vuln = TRUE;
}
else if (version =~ "^6\.5($|[^0-9])")
{
fix = "XS65ESP1066"; # CTX234435
if (fix >!< patches) vuln = TRUE;
}
else if (version =~ "^7\.0($|[^0-9])")
{
fix = "XS70E055"; # CTX234436
if (fix >!< patches) vuln = TRUE;
}
else if (version =~ "^7\.1($|[^0-9])")
{
fix = "XS71ECU1016"; # CTX234437
if (fix >!< patches) vuln = TRUE;
}
else if (version =~ "^7\.2($|[^0-9])")
{
fix = "XS72E017"; # CTX234438
if (fix >!< patches) vuln = TRUE;
}
else if (version =~ "^7\.3($|[^0-9])")
{
fix = "XS73E004"; # CTX234439
if (fix >!< patches) vuln = TRUE;
}
else if (version =~ "^7\.4($|[^0-9])")
{
fix = "XS74E001"; # CTX234440
if (fix >!< patches) vuln = TRUE;
}
else audit(AUDIT_INST_VER_NOT_VULN, app_name, version);
if (vuln)
{
port = 0;
report = report_items_str(
report_items:make_array(
"Installed version", version,
"Missing hotfix", fix
),
ordered_fields:make_list("Installed version", "Missing hotfix")
);
security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
}
else audit(AUDIT_PATCH_INSTALLED, fix);
Related
citrix
citrix
Citrix XenServer Multiple Security Updates
2018-05-08 04:00:00
debian
debian
[SECURITY] [DLA 1383-1] xen security update
2018-05-25 11:03:07
[SECURITY] [DSA 4201-1] xen security update
2018-05-15 20:03:29
[SECURITY] [DSA 4078-1] linux security update
2018-01-04 22:25:28
nessus
nessus
Fedora 27 : xen (2018-98684f429b)
2018-05-17 00:00:00
Fedora 26 : xen (2018-7cd077ddd3)
2018-05-29 00:00:00
Fedora 28 : xen (2018-a7ac26523d)
2019-01-03 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1383-1)
2018-05-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1216-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3230-1)
2021-04-19 00:00:00
osv
osv
xen - security update
2018-05-25 00:00:00
CVE-2018-10982
2018-05-10 23:29:00
xen - security update
2018-05-15 00:00:00
redhat
redhat
(RHSA-2018:1346) Important: kernel security and bug fix update
2018-05-08 20:17:11
(RHSA-2018:1353) Moderate: kernel security update
2018-05-08 21:59:19
(RHSA-2018:1352) Moderate: kernel security update
2018-05-08 21:59:05
debiancve
debiancve
redhatcve
redhatcve
cvelist
cvelist
nvd
nvd
cve
cve
suse
suse
Security update for xen (important)
2018-05-11 15:07:06
Security update for xen (important)
2018-05-09 18:08:03
Security update for xen (important)
2018-05-10 21:07:16
ubuntucve
ubuntucve
prion
prion
Input validation
2018-05-10 23:29:00
Privilege escalation
2018-05-08 18:29:00
Default configuration
2018-01-04 13:29:00
xen
xen
x86 vHPET interrupt injection errors
2018-05-08 16:45:00
x86: mishandling of debug exceptions
2018-05-08 16:45:00
fedora
fedora
[SECURITY] Fedora 28 Update: xen-4.10.1-2.fc28
2018-05-12 18:23:12
[SECURITY] Fedora 28 Update: xen-4.10.1-3.fc28
2018-05-26 20:47:24
[SECURITY] Fedora 28 Update: xen-4.10.1-4.fc28
2018-06-29 08:43:54
cisa
cisa
Debug Exception May Cause Unexpected Behavior
2018-05-08 00:00:00
oraclelinux
oraclelinux
kernel security update
2018-09-18 00:00:00
Unbreakable Enterprise kernel security update
2018-05-08 00:00:00
Unbreakable Enterprise kernel security update
2018-05-08 00:00:00
photon
photon
huawei
huawei
exploitpack
exploitpack
Microsoft Windows - POPMOV SS Privilege Escalation
2018-05-22 00:00:00
cert
cert
Hardware debug exception documentation may result in unexpected behavior
2018-05-08 00:00:00
packetstorm
packetstorm
Microsoft Windows POP/MOV SS Local Privilege Elevation
2018-07-13 00:00:00
veracode
veracode
Local Privilege Escalation
2019-01-15 09:21:51
mscve
mscve
Windows Kernel Elevation of Privilege Vulnerability
2018-05-08 07:00:00
freebsd
freebsd
FreeBSD -- Mishandling of x86 debug exceptions
2018-05-08 00:00:00
zdt
zdt
Microsoft Windows - POP/MOV SS Privilege Escalation Exploit
2018-05-23 00:00:00
metasploit
metasploit
Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability
2018-07-13 06:11:37
threatpost
threatpost
symantec
symantec
qualysblog
qualysblog
freebsd_advisory
freebsd_advisory
FreeBSD-SA-18:06.debugreg
2018-05-08 00:00:00
FreeBSD-SA-18:03.speculative_execution
2018-03-14 00:00:00
f5
f5
K17403481 : Linux kernel vulnerability CVE-2018-8897
2018-05-15 00:00:00
K05345625 : Linux kernel vulnerability CVE-2018-10872
2020-12-17 00:00:00
msrc
msrc
KVA Shadow: Mitigating Meltdown on Windows
2018-03-23 07:00:00
KVA Shadow: Mitigating Meltdown on Windows
2018-03-23 07:00:00
ubuntu
ubuntu
Linux kernel vulnerability
2018-01-09 00:00:00
Linux (Xenial HWE) vulnerability
2018-01-09 00:00:00
Linux kernel vulnerability
2018-01-09 00:00:00
alpinelinux
alpinelinux
CVE-2017-5754
2018-01-04 13:29:00
cloudfoundry
cloudfoundry
USN-3522-4: Linux kernel (Xenial HWE) regression | Cloud Foundry
2018-01-11 00:00:00
USN-3522-2: Linux (Xenial HWE) vulnerability | Cloud Foundry
2018-01-11 00:00:00
archlinux
archlinux
[ASA-201801-6] linux-lts: access restriction bypass
2018-01-08 00:00:00
exploitdb
exploitdb
Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit)
2018-07-13 00:00:00
Microsoft Windows - 'POP/MOV SS' Privilege Escalation
2018-05-22 00:00:00
mskb
mskb
kitploit
kitploit
mageia
mageia
Updated kernel packages fix security vulnerabilities
2018-02-23 20:14:35
Updated kernel-linus packages fix security vulnerabilities
2018-01-13 17:28:36
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.974 High
EPSS
Percentile
99.9%
Related for CITRIX_XENSERVER_CTX234679.NASL