Date: 05 September 2008
References: AL-2008.0080
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AA-2008.0189 AUSCERT Advisory
[Appliance]
DNS Cache Poisoning Vulnerability in Citrix Access Gateway
5 September 2008
- ---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product: Citrix Access Gateway Standard Edition
Citrix Access Gateway Advanced Edition
Operating System: Network Appliance
Impact: Provide Misleading Information
Access: Remote/Unauthenticated
CVE Names: CVE-2008-1447
Member content until: Friday, October 03 2008
Ref: AL-2008.0080
OVERVIEW:
Citrix has identified a vulnerability in their Access Gateway that
can lead to DNS cache poisoning.
IMPACT:
The vendor has published the following details regarding this
vulnerability:
"A vulnerability has been identified in the Access Gateway Standard
and Advanced Edition appliance firmware that could affect the
functionality of Domain Name System (DNS) forwarding in the Access
Gateway appliance.
...
Citrix has verified that the firmware of the appliances for both
Access Gateway Standard Edition and Advanced Edition product lines
are vulnerable to this issue in all configurations." [1]
MITIGATION:
Citrix has released new firmware to correct this issue. It is
available for download from the Citrix website. [2]
REFERENCES:
[1] Vulnerability in Access Gateway Standard and Advanced Edition
Appliance firmware could result in DNS Cache Poisoning
http://support.citrix.com/article/CTX118183
[2] Hotfix AG2000_v457 Rev B - Access Gateway Standard Edition 4.5.7
http://support.citrix.com/article/CTX116762
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSMDS3ih9+71yA2DNAQKW9gP/QXoAeov67oKIeqiAECX3nShzm0dz9mL0
VdJgWhxuzNWoXaeKotpC1HkMaN9Bfm50G+HDr35LpLsq2K8nWr77K/WsYHvxkP2r
8Z6GNdhm7IH58nyjG4d93I6aMCrtJmbbp1P36fsDS+gI+z/T9zHlFhJuo3411xl8
2fxBlFs5gxU=
=6ORA
-----END PGP SIGNATURE-----
|