copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » Security Bul... » AusCERT Exte... » ESB-2011.0047 - ALERT [Appliance] Citrix Access Gate...
 

ESB-2011.0047 - ALERT [Appliance] Citrix Access Gateway: Root compromise - Remote/unauthenticated
Date: 17 January 2011

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0047
       Vulnerability in Citrix Access Gateway legacy authentication
                 support could result in command injection
                              17 January 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Citrix Access Gateway 4.5 Advanced Edition
                   Citrix Access Gateway 4.5 Standard Edition
                   Citrix Access Gateway 4.6 Advanced Edition
                   Citrix Access Gateway 4.6 Standard Edition
                   Citrix Access Gateway 8.0 Enterprise Edition
                   Citrix Access Gateway 8.1 Enterprise Edition
                   Citrix Access Gateway 9.0 Enterprise Edition
                   Citrix Access Gateway 9.1 Enterprise Edition
                   Citrix Access Gateway 9.2 Enterprise Edition
                   Citrix Access Gateway VPX 4.6
Publisher:         Citrix
Operating System:  Network Appliance
Impact/Access:     Root Compromise -- Remote/Unauthenticated
Resolution:        Mitigation
CVE Names:         CVE-2010-4566  

Original Bulletin: 
   http://support.citrix.com/article/CTX127613

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability in Citrix Access Gateway legacy authentication support could 
result in command injection

Document ID: CTX127613   /   Created On: 14-Dec-2010   /   Updated On: 
13-Jan-2011

Average Rating: 3 (2 ratings)

Severity: High

Description of Problem

A vulnerability has been identified in the NT4 authentication component of 
Access Gateway Enterprise, and the NTLM authentication component of Access 
Gateway Standard Edition that, when exploited, could allow an attacker to 
subvert the authentication process. In some cases, this could result in the 
attacker being able to execute commands on the appliance in the context of
the root user.

This vulnerability only affects Access Gateway customers that are using the 
authentication methods specified above.

The vulnerable components are present in all versions of Access Gateway 
Enterprise Edition prior to version 9.2-49.8, and all versions of the Access 
Gateway Standard and Advanced Editions prior to Access Gateway 5.0.

What Customers Should Do

The use of the vulnerable authentication methods has been deprecated in the 
Access Gateway product line, and support for these methods has also been 
removed from the latest versions of these products.

Citrix recommends that affected customers review their use of the deprecated 
components, and migrate to another authentication method.

Acknowledgements

Citrix thanks George Gal of VSR (http://www.vsecurity.com/) for working with 
us to protect Citrix customers

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential 
security issue. This article is also available from the Citrix Knowledge 
Center at http://support.citrix.com/.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix 
Technical Support. Contact details for Citrix Technical Support are available 
at http://www.citrix.com/site/ss/supportContacts.asp.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any 
and all potential vulnerabilities seriously. If you would like to report a 
security issue to Citrix, please compose an e-mail to secure@citrix.com stating 
the exact version of the product in which the vulnerability was found and the 
steps needed to reproduce the vulnerability

This document applies to:

    * Access Gateway 4.5 Advanced Edition
    * Access Gateway 4.5 Standard Edition
    * Access Gateway 4.6 Advanced Edition
    * Access Gateway 4.6 Standard Edition
    * Access Gateway 8.0 Enterprise Edition
    * Access Gateway 8.1 Enterprise Edition
    * Access Gateway 9.0 Enterprise Edition
    * Access Gateway 9.1 Enterprise Edition
    * Access Gateway 9.2 Enterprise Edition
    * Access Gateway VPX 4.6

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFNM7OC/iFOrG6YcBERAjoCAKDFNbubiiOXYWoF5BvExed7d1d5iQCgw3JI
j/V1Z9JmTQMrhWtC5Xp9GsM=
=9poc
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=1980&it=13833