-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2296.2
       Citrix Security Advisory for TCP Reassembly Resource Exhaustion
                               21 August 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Citrix Receiver for Linux
                   Citrix Linux Virtual Desktop
                   Citrix XenDesktop Volume Worker Template
Publisher:         Citrix
Operating System:  Linux variants
                   FreeBSD
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6922 CVE-2018-5390
Reference:         ESB-2018.2287
                   ESB-2018.2278
                   ESB-2018.2277
                   ESB-2018.2275
                   ESB-2018.2271

Original Bulletin: 
   https://support.citrix.com/article/CTX237244

Comment: Citrix advises analysis of Citrix XenServer, Citrix XenMobile and
         Citrix Licensing for this vulnerability is still in progress.

Revision History:  August 21 2018: Added CVE-2018-5391 and CVE-2018-6923 details
                   August  9 2018: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

CTX237244

Citrix Security Advisory for TCP/IP Reassembly Resource Exhaustion

Security Bulletin | Medium

Created: 08 Aug 2018 | Modified: 16 Aug 2018

Description of Problem

Several vulnerabilities in TCP/IP reassembly commonly known as SegmentSmack
and FragmentSmack have recently been disclosed. SegmentSmack is CVE-2018-5390
for Linux and CVE-2018-6922 for FreeBSD. FragmentSmack is CVE-2018-5391 for
Linux and CVE-2018-6923 for FreeBSD.

These vulnerabilities could potentially allow an attacker that has the
ability to maintain a TCP or IP stream with a vulnerable component to send
crafted packets that cause high CPU usage or CPU resource exhaustion leading
to denial of service. Vulnerable reassembly is provided by some Linux-based
or FreeBSD-based operating systems.
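The bulletin describes the symptom of SegmentSmack and FragmentSmack (CPU exhaustion from crafted segments or fragments) but not how an operator would notice that load on a host. The following is an added example, not part of the Citrix or AusCERT bulletin: it parses the header/value counter pairs that Linux exposes in /proc/net/snmp and /proc/net/netstat and flags a burst in IP reassembly requests or failures, or in TCP out-of-order queueing, between two samples. The counter names (ReasmReqds, ReasmFails, TCPOFOQueue, TCPOFODrop) are the kernel's own; the thresholds and the two snapshots embedded below are constructed for illustration and are assumptions, not values from the advisory.

```python
"""Added example (not Citrix's or AusCERT's code): watch Linux IP reassembly
and TCP out-of-order counters for the kind of load the advisory describes.
Counter names are the kernel's; thresholds and sample snapshots are constructed."""
from typing import Dict, List, Tuple

Counters = Dict[str, Dict[str, int]]


def parse_proc_counters(text: str) -> Counters:
    """Parse the line pairs used by /proc/net/snmp and /proc/net/netstat:
    a 'Prefix: name name ...' header line followed by a 'Prefix: value ...'
    line with the same prefix. Returns {prefix: {name: value}}."""
    pending: Dict[str, List[str]] = {}   # header names awaiting their value line
    parsed: Counters = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        prefix, _, rest = line.partition(":")
        fields = rest.split()
        if prefix not in pending:
            pending[prefix] = fields         # header line
            continue
        names = pending.pop(prefix)          # matching value line
        if len(names) != len(fields):
            raise ValueError(f"{prefix}: {len(names)} names vs {len(fields)} values")
        parsed[prefix] = dict(zip(names, (int(v) for v in fields)))
    return parsed


def snapshot(snmp_text: str, netstat_text: str) -> Counters:
    """Merge one reading of both files into a single counter table."""
    merged = parse_proc_counters(snmp_text)
    merged.update(parse_proc_counters(netstat_text))
    return merged


# Per-second rates above which a host is queueing far more fragments or
# out-of-order segments than a normal baseline. Constructed for this example;
# derive real limits from your own hosts' quiet-time readings.
THRESHOLDS_PER_S = {
    ("Ip", "ReasmReqds"): 2000.0,       # fragments handed to the reassembly queue
    ("Ip", "ReasmFails"): 500.0,        # reassembly attempts that failed or timed out
    ("TcpExt", "TCPOFOQueue"): 5000.0,  # TCP segments queued out of order
    ("TcpExt", "TCPOFODrop"): 100.0,    # out-of-order segments dropped
}


def counter_rates(before: Counters, after: Counters, interval_s: float) -> Dict[str, float]:
    """Per-second growth of each watched counter between two snapshots.
    A negative delta means the counter was reset (e.g. reboot) and is reported as 0."""
    if interval_s <= 0:
        raise ValueError("interval must be positive")
    rates: Dict[str, float] = {}
    for prefix, name in THRESHOLDS_PER_S:
        delta = after.get(prefix, {}).get(name, 0) - before.get(prefix, {}).get(name, 0)
        rates[f"{prefix}.{name}"] = max(delta, 0) / interval_s
    return rates


def check_reassembly_pressure(before: Counters, after: Counters,
                              interval_s: float) -> List[Tuple[str, float, float]]:
    """Return (counter, observed_rate, threshold) for every counter over its limit."""
    rates = counter_rates(before, after, interval_s)
    return [(f"{p}.{n}", rates[f"{p}.{n}"], limit)
            for (p, n), limit in THRESHOLDS_PER_S.items()
            if rates[f"{p}.{n}"] >= limit]


# Constructed snapshots, 10 s apart. Headers are abbreviated to a few columns;
# the parser only requires header and value lines to have matching lengths.
SNMP_BEFORE = """Ip: Forwarding DefaultTTL InReceives ReasmTimeout ReasmReqds ReasmOKs ReasmFails
Ip: 1 64 120000 0 10 10 0
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens
Tcp: 1 200 120000 -1 50
"""
SNMP_AFTER = """Ip: Forwarding DefaultTTL InReceives ReasmTimeout ReasmReqds ReasmOKs ReasmFails
Ip: 1 64 250000 40 60010 12 59998
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens
Tcp: 1 200 120000 -1 52
"""
NETSTAT_BEFORE = """TcpExt: SyncookiesSent TCPOFOQueue TCPOFODrop TCPOFOMerge
TcpExt: 0 100 0 0
IpExt: InNoRoutes InMcastPkts
IpExt: 0 5
"""
NETSTAT_AFTER = """TcpExt: SyncookiesSent TCPOFOQueue TCPOFODrop TCPOFOMerge
TcpExt: 0 600 0 3
IpExt: InNoRoutes InMcastPkts
IpExt: 0 6
"""

if __name__ == "__main__":
    first = snapshot(SNMP_BEFORE, NETSTAT_BEFORE)
    second = snapshot(SNMP_AFTER, NETSTAT_AFTER)
    for counter, rate, limit in check_reassembly_pressure(first, second, 10.0):
        print(f"ALERT {counter}: {rate:.1f}/s exceeds {limit:.0f}/s")
```

On a live host the two snapshots would come from reading the two files a fixed interval apart (the sample above stands in for that). A sustained ReasmReqds or TCPOFOQueue rate far above baseline, together with high CPU in softirq, is what the advisory's resource exhaustion looks like from the inside; the operating-system patches the bulletin recommends remain the fix, and this check only tells you whether a host is currently under that kind of load.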
Customers managing Linux or FreeBSD platforms on which Citrix components are
deployed are advised to apply any appropriate operating system updates.

The following sections provide guidance on the impact and mitigation steps
for Linux-based and FreeBSD-based Citrix products. Citrix products that do
not include or execute on these platforms are not impacted by this
vulnerability. Windows-based components of XenDesktop and XenApp are not
impacted by this issue.

- - -------------------------------------------------------------------------------

What Citrix Is Doing

Citrix is in the process of analyzing the potential impact of this issue on
currently supported products.

- - -------------------------------------------------------------------------------

Product Details

Citrix NetScaler

NetScaler MPX and NetScaler VPX are not impacted by CVE-2018-5390,
CVE-2018-6922, CVE-2018-5391 and CVE-2018-6923

NetScaler SVM and NetScaler MAS are not impacted by CVE-2018-5390 &
CVE-2018-5391

- - -------------------------------------------------------------------------------

Citrix XenServer

Analysis of the impact of this issue on Citrix XenServer is in progress.
This section will be updated as soon as additional information is available.

- - -------------------------------------------------------------------------------

Citrix XenMobile

Analysis of the impact of this issue on Citrix XenMobile is in progress.
This section will be updated as soon as additional information is available.

- - -------------------------------------------------------------------------------

Citrix Receiver for Linux

Citrix recommends that customers apply any applicable patches to the
underlying Linux operating system.

- - -------------------------------------------------------------------------------

Citrix Linux Virtual Desktop

Citrix Linux Virtual Desktop deployments may be impacted by this operating
system vulnerability.
Citrix recommends that customers apply any applicable patches to the
underlying Linux operating system.

- - -------------------------------------------------------------------------------

Citrix Licensing

Analysis of the impact of this issue on Citrix Licensing is in progress.
This section will be updated as soon as additional information is available.

- - -------------------------------------------------------------------------------

Citrix XenDesktop Volume Worker Template

Amazon Web Services based deployments use the Linux AMI template. Guidance
from Amazon about this issue can be found at the following location:

https://aws.amazon.com/security/security-bulletins/AWS-2018-018/

- - -------------------------------------------------------------------------------

The above list will be updated as the analysis into this issue progresses.

- - -------------------------------------------------------------------------------

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix
Technical Support. Contact details for Citrix Technical Support are
available at https://www.citrix.com/support/open-a-support-case.html.

- - -------------------------------------------------------------------------------

Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers
any and all potential vulnerabilities seriously.
For guidance on how to report security-related issues to Citrix, please see
the following document: CTX081743 - Reporting Security Issues to Citrix

- - -------------------------------------------------------------------------------

Changelog

+--------------------+-------------------------------------------------------+
|Date                |Change                                                 |
+--------------------+-------------------------------------------------------+
|August 8th 2018     |Initial bulletin published                             |
+--------------------+-------------------------------------------------------+
|August 16th 2018    |Added CVE-2018-5391 and CVE-2018-6923 details          |
+--------------------+-------------------------------------------------------+

- - -------------------------------------------------------------------------------

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the information
is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW3uFrWaOgq3Tt24GAQiQdxAAw2IpVtzn2jxuLlhxKZZqDzTYzQdKbg/d
6pUvs66WlRfN+uBhdppciVto0wbKfLIwpjzWZIi5GSU4GBJgoBRP8wWITsQ0uVAw
GtGlgm9B2WXRSKIuDw9LKuetMCvCI93hbCDq7M2cM86HvAx5MrbJfoV+5tytVTww
0yrDFeDK+piRfjFg8pUfv3qm/tlwQXVxcddYTiriaFXgUUafdAkpUzpFZ06QngGb
oK1P6EPt4rUFAmZOWvEcBbt5qFGTQS4nmegaH6bY/P9Y3w3Tl4dhAMbQmK2eYuEf
5eUZ+d9SqyLkme/GqNittWEhLsV3wdVeWwGUv0P6dEZ5uuII84Yi3Tcf3aNrOtGj
1kwKwO10aARTziTA1bYkse6rLnfTAnHOMGrCe734yhQq+jYlG2AHs6c7ntBZrRs7
CrXhJgKKNp4lOSp77dU/QPmhwgjJHxHmpLNLJuS42CAw2f84UbRZqRnrHKh5aeNb
gVTmhcqH3TgB+7LvoZ6gurv1Q91P67YSSaPgetl5zkjdql00/tDxoCZN8HXFljxm
8xcQgnO7OkY4HCbqul0gRJYbBbXpifaFRlsuNP319AOjthkOEzOF7jXxyJ2NNyXd
BCwAybkSr3gSUHEnfIfQSTrUgeZXHjQRPgVtJ5xOAJ42OIVSB5ezvrxWqklf5+8Z
qxpoGWC6z58=
=pv9s
-----END PGP SIGNATURE-----