Date: 18 January 2008
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AA-2008.0013 AUSCERT Advisory
[Win]
Vulnerability in Citrix Presentation Server could result in
arbitrary code execution
18 January 2008
- ---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product: MetaFrame Presentation Server 3.0
for Windows 2000 Server
MetaFrame Presentation Server 3.0
for Windows Server 2003
Citrix Presentation Server 4.0
for Windows 2000 Server
Citrix Presentation Server 4.0
for Windows Server 2003
Citrix Presentation Server 4.0
for Windows Server 2003 x64 Editions
Citrix Presentation Server 4.5
for Windows Server 2003
Citrix Presentation Server 4.5
for Windows Server 2003 x64 Editions
Citrix Access Essentials 1.0
Citrix Access Essentials 1.5
Citrix Access Essentials 2.0
Citrix Desktop Server 1.0
Citrix Desktop Server 1.0 x64 Edition
Operating System: Windows Server 2003
Windows 2000
Impact: Execute Arbitrary Code/Commands
Access: Existing Account
Member content until: Friday, February 15 2008
OVERVIEW:
A vulnerability has been reported in all versions of Citrix
MetaFrame and Presentation Server that if successfully exploited
can result in the execution of arbitrary code.
IMPACT:
Citrix has released the following information regarding this
vulnerability:
"The IMA service is used by Citrix Presentation Server for
inter-sever and management communications. Sending a specifically
crafted packet could result in an internal buffer being overflowed.
This could lead to execution of malicious code in the context of the
IMA server process." [1]
This vulnerability is limited to the local network as "Access to
IMA ports 2512 or 2513 would be needed to exploit these issues. In
typical deployments of Citrix Presentation Server these ports would
not be externally accessible." [1]
MITIGATION:
The vendor has released a hotfix for all affected products. Please
visit the Citrix website to find the link relating to your product.
[1]
REFERENCES:
[1] Vulnerability in Presentation Server's IMA Service could result
in arbitrary code execution.
http://support.citrix.com/article/CTX114487
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBR5AEhyh9+71yA2DNAQK3FgP+OtbTMBgE2GePbxjswDbuDv8ron7haa9J
gweaVx0KuKvVvl05IPErcacE2yt+ZCNwRRNPjHn4qwDWags513gme8HN8j12xE/s
eKDimEbWW3kq/xH29r/fluKkrkICTVb7ji5AHAPl6iGzu5xBfqkphKBjELBsRAAP
3SrvoCeZ1as=
=T+jo
-----END PGP SIGNATURE-----
|