T-621: Citrix XenServer Lets Local Administrative Users on the Guest OS Deny Service

May 12, 2011 - 3:00pm

PROBLEM:

A vulnerability was reported in Citrix XenServer. A local administrative user on the guest operating system can cause denial of service conditions.

PLATFORM:

Citrix XenServer 5.6 Feature Pack 1 and prior

ABSTRACT:

A local administrative user on a guest operating system can interrupt the normal operation of the target hypervisor.

REFERENCE LINKS:

Document ID: CTX129208
SecurityTracker Alert ID: 1025524
Document ID: CTX129103
Document ID: CTX129102
Document ID: CTX128844
Document ID: CTX129101
Document ID: CTX129100
Citrix Support

IMPACT ASSESSMENT:

Medium

Discussion:

A number of denial of service vulnerabilities have been identified in Citrix XenServer. When triggered by an administrative user on a guest operating system, these vulnerabilities have the potential to cause an interruption to the normal operation of the Citrix XenServer hypervisor.

Impact:

The vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 5.6 Feature Pack 1.

Solution:

Hotfixes have been released to address the denial of service issues in all supported versions and update levels of the product. Citrix recommends that customers using Citrix XenServer identify the hotfixes that relate to their deployed Citrix XenServer environments, and apply all the relevant hotfixes:

For customers using Citrix XenServer 5.6 Feature Pack 1:
XenServer 5.6 Feature Pack 1
For customers using Citrix XenServer 5.6:
CTX129102: Citrix XenServer 5.6
CTX128844: Citrix XenServer 5.6
For customers using Citrix XenServer 5.5 Update 2:
XenServer 5.5 Update 2
For customers using Citrix XenServer 5.0 Update 3:
XenServer 5.0 Update 3

Citrix Support