Citrix XenServer Multiple Denial of Service Vulnerabilities


Secunia ID

SA52353

CVE-ID

CVE-2013-0153, CVE-2013-0215, CVE-2013-0216, CVE-2013-0217, CVE-2013-0231

Release Date

27 Feb 2013

Criticality

Not Critical

Solution Status

Vendor Patch

Where

Local system

Impact
DoS (Denial of Service)

This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

Description

Citrix has acknowledged multiple vulnerabilities in XenServer, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

For more information:
SA51881
SA52055
SA52056
SA52059

The vulnerabilities are reported in versions 6.1 and prior.

Solution

Apply updates.

Citrix XenServer version 6.1:
Apply XS61E013 and XS61E014
http://support.citrix.com/article/CTX136482
http://support.citrix.com/article/CTX136483

Citrix XenServer 6.0.2:
Apply XS602E020 and XS602E021
http://support.citrix.com/article/CTX136478
http://support.citrix.com/article/CTX136479

Citrix XenServer 6.0.2 CC:
Apply XS602ECC003 and XS602ECC004
http://support.citrix.com/article/CTX136480
http://support.citrix.com/article/CTX136481

Citrix XenServer 6.0.0:
Apply XS60E026 and XS60E027
http://support.citrix.com/article/CTX136476
http://support.citrix.com/article/CTX136477

Citrix XenServer 5.6 Service Pack 2:
Apply XS56ESP2023 and XS56ESP2024
http://support.citrix.com/article/CTX136474
http://support.citrix.com/article/CTX136475

Citrix XenServer 5.6 Feature Pack 1:
Apply XS56EFP1015 and XS56EFP1016
http://support.citrix.com/article/CTX136472
http://support.citrix.com/article/CTX136473

Citrix XenServer 5.6:
Apply XS56E017
http://support.citrix.com/article/CTX136470

Citrix XenServer 5.6 CC:
Apply XS56ECC007
http://support.citrix.com/article/CTX136471

Citrix XenServer 5.5 Update 2:
Apply XS55EU2015
http://support.citrix.com/article/CTX136469

Citrix XenServer 5.0 Update 3:
Apply XS50EU3015
http://support.citrix.com/article/CTX136468

Original Advisory

http://support.citrix.com/article/CTX136540