You are here

V-194: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host

July 8, 2013 - 12:24am

Addthis

PROBLEM:

Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host 

PLATFORM:

Citrix XenServer 5.0 - 6.2

ABSTRACT:

A vulnerability was reported in Citrix XenServer.

REFERENCE LINKS:

CTX138134
SecurityTracker Alert ID:  1028740
CVE-2013-1432

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A local administrative user on a PV guest can exploit a memory management page reference counting error to gain access on the target host server.

IMPACT:

A local user on the guest operating system can obtain access on the target host system.

SOLUTION:

The vendor has issued a hotfix.

Addthis