Citrix XenServer Windows Guest Tools Improper Input Validation Vulnerability

Summary

The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allow remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.

Credit:

The information has been provided by Citrix.

The original article can be found at:

http://support.citrix.com/article/CTX140814


Details

Windows guest VMs with the XenServer tools installed are at risk of a network-based denial of service attack from systems on the same local network. The attack is carried out by sending specially crafted Ethernet frames to a vulnerable guest VM and may cause the Windows guest operating system to crash.

This vulnerability is present in the Citrix XenServer tools included with all versions of Citrix XenServer up to and including Citrix XenServer 6.2 SP1.

All Windows guest VMs with tools installed from versions of Citrix XenServer up to and including Citrix XenServer 6.2 are impacted. If Citrix XenServer 6.2 SP1 tools are installed, the impact is limited to guest VMs running Windows XP or Windows 2003.

Vulnerable Systems:

Citrix XenServer 6.0.2 Common Criteria
Citrix XenServer 6.0.2
Citrix XenServer 6.2 Service Pack 1
Citrix XenServer 6.2
Citrix XenServer 6.1
Citrix XenServer 6.0

CVE Information:

CVE-2014-3798

Disclosure Timeline:

Published Date: 07/16/2019