PT-2010-2385 · Citrix · Citrix Xenserver

Publicado

2010-02-12

Atualizado

2010-03-18

CVE-2010-0633

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Citrix XenServer versions 5.0 Update 3 and earlier Citrix XenServer version 5.5

Description The issue allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls.

Recommendations For Citrix XenServer versions 5.0 Update 3 and earlier, update to a version later than 5.0 Update 3 to resolve the issue. For Citrix XenServer version 5.5, update to a version later than 5.5 to resolve the issue. As a temporary workaround, consider restricting access to the Xen API (XAPI) to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2010-0633

Produtos afetados

Citrix Xenserver

PT-2010-2385 · Citrix · Citrix Xenserver

CVE-2010-0633

Identificadores relacionados

Produtos afetados

Referências · 9