Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA28508] Citrix Presentation Server IMA Service Buffer Overflow Vulnerability



>
> TITLE:
> Citrix Presentation Server IMA Service Buffer Overflow Vulnerability
>
> SECUNIA ADVISORY ID:
> SA28508
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28508/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> System access
>
> WHERE:
> From local network
>
> SOFTWARE:
> Citrix MetaFrame Presentation Server 3.x
> http://secunia.com/product/3805/
> Citrix Presentation Server 4.x
> http://secunia.com/product/5270/
> Citrix Access Essentials 1.x
> http://secunia.com/product/14311/
> Citrix Access Essentials 2.x
> http://secunia.com/product/16553/
> Citrix Desktop Server 1.x
> http://secunia.com/product/17223/
>
> DESCRIPTION:
> A vulnerability has been reported in Citrix Presentation Server,
> which can be exploited by malicious people to compromise a vulnerable
> system.
>
> The vulnerability is caused due to a boundary error in the IMA
> service and can be exploited to cause a buffer overflow via a
> specially crafted packet sent to port 2512/TCP or 2513/TCP.
>
> Successful exploitation allows execution of arbitrary code.
>
> The vulnerability affects the following products and versions:
> * Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000
> * Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2003
> * Citrix Presentation Server 4.0 for Microsoft Windows 2000
> * Citrix Presentation Server 4.0 for Microsoft Windows 2003
> * Citrix Presentation Server 4.0 x64 Edition
> * Citrix Presentation Server 4.5 for Windows Server 2003 Russian Edition
> * Citrix Presentation Server 4.5 for Windows Server 2003
> * Citrix Presentation Server 4.5 for Windows Server 2003 x64 Edition
> * Citrix Access Essentials 1.0
> * Citrix Access Essentials 1.5
> * Citrix Access Essentials 2.0
> * Citrix Desktop Server 1.0
> * Citrix Desktop Server 1.0 x64
>
> SOLUTION:
> Apply hotfix (see vendor advisory for details).
> http://support.citrix.com/article/CTX114487
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits TippingPoint/ZDI.
>
> ORIGINAL ADVISORY:
> CTX114487:
> http://support.citrix.com/article/CTX114487
>



 




Copyright © Lexa Software, 1996-2009.