ESB-2018.2296 - [Linux][FreeBSD] Citrix products: Denial of service - Remote/unauthenticated 2018-08-09



===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2296
      Citrix Security Advisory for TCP Reassembly Resource Exhaustion
                               9 August 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Citrix Receiver for Linux
                   Citrix Linux Virtual Desktop
                   Citrix XenDesktop Volume Worker Template
Publisher:         Citrix
Operating System:  Linux variants
                   FreeBSD
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6922 CVE-2018-5390 

Reference:         ESB-2018.2287
                   ESB-2018.2278
                   ESB-2018.2277
                   ESB-2018.2275
                   ESB-2018.2271

Original Bulletin: 
   https://support.citrix.com/article/CTX237244

Comment: Citrix advises that analysis of Citrix XenServer, Citrix XenMobile and
         Citrix Licensing for this vulnerability is still in progress.

--------------------------BEGIN INCLUDED TEXT--------------------

CTX237244

Citrix Security Advisory for TCP Reassembly Resource Exhaustion

Security Bulletin | Medium | Created: 08 Aug 2018 | Modified: 08 Aug 2018

Description of Problem

Several vulnerabilities in TCP reassembly commonly known as SegmentSmack have
recently been disclosed including CVE-2018-5390 for Linux and CVE-2018-6922 for
FreeBSD.  These vulnerabilities could potentially allow an attacker that has
the ability to maintain a TCP connection with a vulnerable component to send
crafted packets that cause high CPU usage or CPU resource exhaustion leading to
denial of service.
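As an added illustration (not part of the Citrix or AusCERT text) of what a defender can watch on a Linux host while patches are rolled out, the script below parses the TcpExt counters from /proc/net/netstat and flags a sampling interval in which out-of-order segments were queued for TCP reassembly at an unusually high rate. The two samples, the 10-second interval and the alert threshold are constructed values; the threshold must be tuned against each host's own baseline.

```python
"""Flag abnormal TCP reassembly (out-of-order queue) activity on Linux by
comparing two samples of the TcpExt counters in /proc/net/netstat."""

# Constructed samples of the two "TcpExt:" lines (name line, value line) as
# they appear in /proc/net/netstat; only the counters this check uses are kept.
SAMPLE_BEFORE = """\
TcpExt: TCPOFOQueue TCPOFODrop TCPOFOMerge
TcpExt: 1200 3 40
"""
SAMPLE_AFTER = """\
TcpExt: TCPOFOQueue TCPOFODrop TCPOFOMerge
TcpExt: 251200 3 90
"""


def parse_tcpext(text):
    """Return {counter_name: value} from the TcpExt: header/value line pair."""
    lines = [ln for ln in text.splitlines() if ln.startswith("TcpExt:")]
    names = lines[0].split()[1:]
    values = [int(v) for v in lines[1].split()[1:]]
    return dict(zip(names, values))


def counter_delta(before, after):
    """Per-counter increase between two samples (missing counters count as 0)."""
    return {name: after[name] - before.get(name, 0) for name in after}


def reassembly_pressure(before_text, after_text, interval_s, threshold_per_s):
    """Rate of segments queued for reassembly per second, plus an alert flag.

    TCPOFOQueue counts segments placed on the out-of-order queue; a sustained
    high rate from a small number of peers is the symptom worth investigating.
    threshold_per_s is an assumed, deployment-specific value.
    """
    delta = counter_delta(parse_tcpext(before_text), parse_tcpext(after_text))
    rate = delta["TCPOFOQueue"] / interval_s
    return {
        "ofo_per_s": rate,
        "ofo_drops": delta["TCPOFODrop"],
        "alert": rate > threshold_per_s,
    }


def read_live(path="/proc/net/netstat"):
    """Read the current counters from a running Linux host."""
    with open(path) as fh:
        return fh.read()


if __name__ == "__main__":
    print(reassembly_pressure(SAMPLE_BEFORE, SAMPLE_AFTER, 10, 5000))
```

For live use, call read_live() twice with a sleep in between and pass both texts to reassembly_pressure().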

Vulnerable TCP reassembly is provided by some Linux-based or FreeBSD-based
operating systems. Customers managing Linux or FreeBSD platforms on which
Citrix components are deployed are advised to apply any appropriate operating
system updates.

The following sections provide guidance on the impact and mitigation steps for
Linux-based and FreeBSD-based Citrix products. Citrix products that do not
include or execute on these platforms are not impacted by this vulnerability.

Windows-based components of XenDesktop and XenApp are not impacted by this
issue.

-------------------------------------------------------------------------------

What Citrix Is Doing

Citrix is in the process of analyzing the potential impact of this issue on
currently supported products.

-------------------------------------------------------------------------------

Product Details

Citrix NetScaler

NetScaler VPX and NetScaler MPX are not impacted by this issue.

-------------------------------------------------------------------------------

Citrix XenServer

Analysis of the impact of this issue on Citrix XenServer is in progress. This
section will be updated as soon as additional information is available.

-------------------------------------------------------------------------------

Citrix XenMobile

Analysis of the impact of this issue on Citrix XenMobile is in progress. This
section will be updated as soon as additional information is available.

-------------------------------------------------------------------------------

Citrix Receiver for Linux

Citrix recommends that customers apply any applicable patches to the underlying
Linux operating system.

-------------------------------------------------------------------------------

Citrix Linux Virtual Desktop

Citrix Linux Virtual Desktop deployments may be impacted by this operating
system vulnerability. Citrix recommends that customers apply any applicable
patches to the underlying Linux operating system.

-------------------------------------------------------------------------------

Citrix Licensing

Analysis of the impact of this issue on Citrix Licensing is in progress. This
section will be updated as soon as additional information is available.

-------------------------------------------------------------------------------

Citrix XenDesktop Volume Worker Template

Amazon Web Services based deployments use the Linux AMI template. Guidance from
Amazon about this issue can be found at the following location:
https://aws.amazon.com/security/security-bulletins/AWS-2018-018/

-------------------------------------------------------------------------------

The above list will be updated as the analysis into this issue progresses.

-------------------------------------------------------------------------------

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix
Technical Support. Contact details for Citrix Technical Support are available
at https://www.citrix.com/support/open-a-support-case.html.

-------------------------------------------------------------------------------

Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any
and all potential vulnerabilities seriously. For guidance on how to report
security-related issues to Citrix, please see the following document:
CTX081743 - Reporting Security Issues to Citrix

-------------------------------------------------------------------------------

Changelog

+----------------------------+------------------------------------------------+
|Date                        |Change                                          |
+----------------------------+------------------------------------------------+
|August 8th 2018             |Initial bulletin published                      |
+----------------------------+------------------------------------------------+

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
