Citrix Presentation Server IMA Service Bugs Let Remote Users Execute Arbitrary Code and Deny Service
SecurityTracker Alert ID: 1017205
SecurityTracker URL: http://securitytracker.com/id?1017205
CVE Reference: CVE-2006-5821
Updated: Nov 9 2006
Original Entry Date: Nov 9 2006
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 4.0 and prior versions
Description: Two vulnerabilities were reported in Citrix Presentation Server. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.
A remote user can send specially crafted data to the Independent Management Architecture (IMA) service to trigger a buffer overflow and execute arbitrary code on the target system [CVE-2006-5821].
A remote user can also cause the IMA server process to crash.
The vendor was notified of the buffer overflow vulnerability on June 16, 2006 and the denial of service vulnerability on July 3, 2006.
TippingPoint reported the buffer overflow vulnerability.
Eric Detoisien and iDefense reported the denial of service vulnerability.
The original advisories are available at:
http://www.zerodayinitiative.com/advisories/ZDI-06-038.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441
Impact: A remote user can execute arbitrary code on the target system.
A remote user can cause denial of service conditions.
Solution: The vendor has issued the following fixes:
MetaFrame XP 1.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX111115
FR - http://support.citrix.com/article/CTX111116
GE - http://support.citrix.com/article/CTX111117
JA - http://support.citrix.com/article/CTX111120
ES - http://support.citrix.com/article/CTX111119
MetaFrame XP 1.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX111134
FR - http://support.citrix.com/article/CTX111136
GE - http://support.citrix.com/article/CTX111132
JA - http://support.citrix.com/article/CTX111131
ES - http://support.citrix.com/article/CTX111135
MetaFrame Presentation Server 3.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX111124
FR - http://support.citrix.com/article/CTX111126
GE - http://support.citrix.com/article/CTX111128
JA - http://support.citrix.com/article/CTX111129
ES - http://support.citrix.com/article/CTX111127
MetaFrame Presentation Server 3.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX111142
FR - http://support.citrix.com/article/CTX111141
GE - http://support.citrix.com/article/CTX111140
JA - http://support.citrix.com/article/CTX111138
ES - http://support.citrix.com/article/CTX111139
Citrix Presentation Server 4.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX110938
FR - http://support.citrix.com/article/CTX111450
GE - http://support.citrix.com/article/CTX111451
JA - http://support.citrix.com/article/CTX111453
ES - http://support.citrix.com/article/CTX111452
Citrix Presentation Server 4.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX110939
FR - http://support.citrix.com/article/CTX111468
GE - http://support.citrix.com/article/CTX111469
JA - http://support.citrix.com/article/CTX111467
ES - http://support.citrix.com/article/CTX111470
Citrix Presentation Server 4.0 for Windows Server 2003 x64 Editions:
EN - http://support.citrix.com/article/CTX111145
FR - http://support.citrix.com/article/CTX111146
GE - http://support.citrix.com/article/CTX111147
JA - http://support.citrix.com/article/CTX111149
ES - http://support.citrix.com/article/CTX111148
The Citrix advisory is available at:
http://support.citrix.com/article/CTX111186
Vendor URL: support.citrix.com/article/CTX111186
Cause: Boundary error, Input validation error
Underlying OS: Windows (2000), Windows (2003)
Message History:
None.