SecurityTracker.com Archives - Citrix Presentation Server May Use a Weaker Encryption Algorithm

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: Application (Generic) > MetaFrame Presentation Server

Vendors: Citrix

Citrix Presentation Server May Use a Weaker Encryption Algorithm

SecurityTracker Alert ID: 1020026

SecurityTracker URL: http://securitytracker.com/id?1020026

CVE Reference: CVE-2008-2299 (Links to External Site)

Updated: May 22 2008

Original Entry Date: May 15 2008

Impact: Disclosure of user information

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 4.5 and prior versions

Description: A vulnerability was reported in Citrix Presentation Server. The system may use the incorrect encryption algorithm.

In certain situations, a remote client may connect to the server using encryption settings that are weaker than the minimum configured by the administrator.

Systems that use SecureICA and ICA Basic encryption are affected.

Citrix Access Essentials versions 2.0 and prior are also affected.

Citrix Desktop Server 1.0 is also affected.

Impact: The system may use weaker encryption settings than intended.

Solution: The vendor has issued the following fixes.

Citrix Presentation Server 4.5 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX116289

FR - http://support.citrix.com/article/CTX116290

GE - http://support.citrix.com/article/CTX116291

JA - http://support.citrix.com/article/CTX116292

ES - http://support.citrix.com/article/CTX116293

Citrix Presentation Server 4.5 for Windows Server 2003 x64 Editions:

EN - http://support.citrix.com/article/CTX116294

FR - http://support.citrix.com/article/CTX116295

GE - http://support.citrix.com/article/CTX116296

JA - http://support.citrix.com/article/CTX116298

ES - http://support.citrix.com/article/CTX116299

Citrix Presentation Server 4.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX113484

FR - http://support.citrix.com/article/CTX113778

GE - http://support.citrix.com/article/CTX113779

JA - http://support.citrix.com/article/CTX113781

ES - http://support.citrix.com/article/CTX113780

Citrix Access Essentials 2.0:

EN - http://support.citrix.com/article/CTX116289

FR - http://support.citrix.com/article/CTX116290

GE - http://support.citrix.com/article/CTX116291

JA - http://support.citrix.com/article/CTX116292

ES - http://support.citrix.com/article/CTX116293

Citrix Access Essentials 1.5:

EN - http://support.citrix.com/article/CTX113484

FR - http://support.citrix.com/article/CTX113778

GE - http://support.citrix.com/article/CTX113779

JA - http://support.citrix.com/article/CTX113781

ES - http://support.citrix.com/article/CTX113780

Citrix Access Essentials 1.0:

EN - http://support.citrix.com/article/CTX113484

FR - http://support.citrix.com/article/CTX113778

GE - http://support.citrix.com/article/CTX113779

JA - http://support.citrix.com/article/CTX113781

ES - http://support.citrix.com/article/CTX113780

Citrix Desktop Server 1.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX116805

The vendor's advisory is available at:

http://support.citrix.com/article/CTX114893

Vendor URL: support.citrix.com/article/CTX114893 (Links to External Site)

Cause: Access control error

Underlying OS: Windows (2003)

Message History: None.

Source Message Contents

Date: Wed, 14 May 2008 22:16:40 -0400
Subject: Citrix Presentation Server

 
 
http://support.citrix.com/article/CTX114893

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC