---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: XenServer Xen API Security Bypass Vulnerability SECUNIA ADVISORY ID: SA38431 VERIFY ADVISORY: http://secunia.com/advisories/38431/ DESCRIPTION: A vulnerability has been reported in XenServer, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error, which can be exploited to execute certain unspecified Xen API calls without proper authentication. The vulnerability is reported in XenServer 5.0 Update 3 and earlier and XenServer 5.5. NOTE: XenServer 5.5 Update 1 is not affected. SOLUTION: Update to XenServer 5.5 Update 1 or apply hotfix. XenServer 5.5 Update 1: http://support.citrix.com/article/CTX123673 Hotfix for Citrix XenServer 5.0: http://support.citrix.com/article/CTX123460 Hotfix for Citrix XenServer 5.5: http://support.citrix.com/article/CTX123193 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX123456 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------