PROBLEM:
A vulnerability was reported in Citrix XenServer. A local administrative user on the guest operating system can cause denial of service conditions.
PLATFORM:
Citrix XenServer 5.6 Feature Pack 1 and prior
ABSTRACT:
A local administrative user on a guest operating system can interrupt the normal operation of the target hypervisor.
REFERENCE LINKS:
Document ID: CTX129208
SecurityTracker Alert ID: 1025524
Document ID: CTX129103
Document ID: CTX129102
Document ID: CTX128844
Document ID: CTX129101
Document ID: CTX129100
Citrix Support
IMPACT ASSESSMENT
Medium
Discussion:
A number of denial of service vulnerabilities have been identified in Citrix XenServer. When triggered by an administrative user on a guest operating system, these vulnerabilities have the potential to cause an interruption to the normal operation of the Citrix XenServer hypervisor.
Impact:
The vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 5.6 Feature Pack 1.
Solution:
Hotfixes have been released to address the denial of service issues in all supported versions and update levels of the product. Citrix recommends that customers using Citrix XenServer identify the hotfixes that relate to their deployed Citrix XenServer environments, and apply all the relevant hotfixes:
For customers using Citrix XenServer 5.6 Feature Pack 1:
XenServer 5.6 Feature Pack 1
For customers using Citrix XenServer 5.6:
CTX129102: Citrix XenServer 5.6
CTX128844: Citrix XenServer 5.6
For customers using Citrix XenServer 5.5 Update 2:
XenServer 5.5 Update 2
For customers using Citrix XenServer 5.0 Update 3:
XenServer 5.0 Update 3