Citrix Presentation Server Buffer Overflow in IMA Service Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1019231
SecurityTracker URL: http://securitytracker.com/id?1019231
CVE Reference: CVE-2008-0356
Updated: Jan 23 2008
Original Entry Date: Jan 17 2008
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 4.5 and prior versions
Description: A vulnerability was reported in Citrix Presentation Server. A remote user can execute arbitrary code on the target system.
A remote user can send a specially crafted packet to the IMA service on TCP port 2512 or 2512 to trigger a buffer overflow in the IMA service and execute arbitrary code on the target system. The code will run with the privileges of the target service.
Citrix Access Essentials and Citrix Desktop Server are also affected.
TippingPoint and the Zero Day Initiative reported this vulnerability.
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued the following fixes.
MetaFrame Presentation Server 3.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX115483
FR - http://support.citrix.com/article/CTX115484
DE - http://support.citrix.com/article/CTX115485
JA - http://support.citrix.com/article/CTX115487
ES - http://support.citrix.com/article/CTX115486
MetaFrame Presentation Server 3.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX115488
FR - http://support.citrix.com/article/CTX115489
DE - http://support.citrix.com/article/CTX115490
JA - http://support.citrix.com/article/CTX115492
ES - http://support.citrix.com/article/CTX115491
Citrix Presentation Server 4.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX114960
FR - http://support.citrix.com/article/CTX115236
DE - http://support.citrix.com/article/CTX115234
JA - http://support.citrix.com/article/CTX115237
ES - http://support.citrix.com/article/CTX115235
Citrix Presentation Server 4.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX114961
FR - http://support.citrix.com/article/CTX115229
DE - http://support.citrix.com/article/CTX115232
JA - http://support.citrix.com/article/CTX115233
ES - http://support.citrix.com/article/CTX115231
Citrix Presentation Server 4.0 for Windows Server 2003 x64 Editions:
EN - http://support.citrix.com/article/CTX115611
FR - http://support.citrix.com/article/CTX115612
DE - http://support.citrix.com/article/CTX115613
JA - http://support.citrix.com/article/CTX115615
ES - http://support.citrix.com/article/CTX115614
Citrix Presentation Server 4.5 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX115275
FR - http://support.citrix.com/article/CTX115380
DE - http://support.citrix.com/article/CTX115381
JA - http://support.citrix.com/article/CTX115382
ES - http://support.citrix.com/article/CTX115384
Citrix Presentation Server 4.5 for Windows Server 2003 x64 Editions:
EN - http://support.citrix.com/article/CTX115278
FR - http://support.citrix.com/article/CTX115385
DE - http://support.citrix.com/article/CTX115386
JA - http://support.citrix.com/article/CTX115387
ES - http://support.citrix.com/article/CTX115388
Citrix Access Essentials 1.0:
EN - http://support.citrix.com/article/CTX114961
FR - http://support.citrix.com/article/CTX115229
DE - http://support.citrix.com/article/CTX115232
JA - http://support.citrix.com/article/CTX115233
ES - http://support.citrix.com/article/CTX115231
Citrix Access Essentials 1.5:
EN - http://support.citrix.com/article/CTX114961
FR - http://support.citrix.com/article/CTX115229
DE - http://support.citrix.com/article/CTX115232
JA - http://support.citrix.com/article/CTX115233
ES - http://support.citrix.com/article/CTX115231
Citrix Access Essentials 2.0:
EN - http://support.citrix.com/article/CTX115275
FR - http://support.citrix.com/article/CTX115380
DE - http://support.citrix.com/article/CTX115381
JA - http://support.citrix.com/article/CTX115382
ES - http://support.citrix.com/article/CTX115384
Citrix Desktop Server 1.0:
EN - http://support.citrix.com/article/CTX114878
Citrix Desktop Server 1.0 x64 Edition:
EN - http://support.citrix.com/article/CTX114879
The Citrix advisory is available at:
http://support.citrix.com/article/CTX114487
Vendor URL: support.citrix.com/article/CTX114487
Cause: Boundary error
Underlying OS: Windows (2000), Windows (2003)
Message History:
None.
Source Message Contents
Date: Thu, 17 Jan 2008 15:37:01 -0500
Subject: Citrix Presentation Server
Vulnerability in Presentation Server's IMA Service could result in arbitrary code execution.
http://support.citrix.com/article/CTX114487