SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  MetaFrame Presentation Server Vendors:  Citrix
Citrix XenApp Bug Lets Remote Users Bypass Access Policy
SecurityTracker Alert ID:  1022114
SecurityTracker URL:  http://securitytracker.com/id?1022114
CVE Reference:  CVE-2009-2453   (Links to External Site)
Updated:  Jul 27 2009
Original Entry Date:  Apr 23 2009
Impact:  Host/resource access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 4.5 Hotfix Rollup Pack 3
Description:  A vulnerability was reported in XenApp (Presentation Server). A remote user can bypass access policy.

An access policy defined using the Access Gateway filters may not be applied.

Only Hotfix Rollup Pack 3 is affected.

Systems using Access Gateway Advanced Edition filters are affected.
Impact:  A remote user can bypass access policy.
Solution:  The vendor has issued a fix.

Citrix XenApp 4.5 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX119069

ES - http://support.citrix.com/article/CTX119074

FR - http://support.citrix.com/article/CTX119071

DE - http://support.citrix.com/article/CTX119072

JA - http://support.citrix.com/article/CTX119073

RU - http://support.citrix.com/article/CTX119471

Citrix XenApp 4.5 for Windows Server 2003 x64 Editions:

EN - http://support.citrix.com/article/CTX119075

ES - http://support.citrix.com/article/CTX119079

FR - http://support.citrix.com/article/CTX119076

DE - http://support.citrix.com/article/CTX119077

JA - http://support.citrix.com/article/CTX119078

The vendor's advisory is available at:

http://support.citrix.com/article/CTX118792
Vendor URL:  support.citrix.com/article/CTX118792 (Links to External Site)
Cause:  Access control error
Underlying OS:  Windows (2003)

Message History:   None.

 Source Message Contents
Date:  Thu, 23 Apr 2009 08:01:10 -0400
Subject:  Vulnerability in XenApp 4.5 Hotfix Rollup Pack 3 could result in policy bypass

 
 
http://support.citrix.com/article/CTX118792


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC