SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Citrix ICA Client Vendors:   Citrix
Citrix ICA Client Lets Local Users Monitor Keystrokes
SecurityTracker Alert ID:  1012280
SecurityTracker URL:  http://securitytracker.com/id/1012280
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Nov 23 2004
Original Entry Date:  Nov 19 2004
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.0 and prior versions
Description:   A vulnerability was reported in the Citrix ICA client software. A local user may be able to monitor ICA keystrokes.

The vendor reported that the ICA Win32 client version 8.0 and prior versions contain a debugging feature that allows a local user to create a log containing the keyboard scan codes transmitted during an ICA connection. The logger can be activated via the Citrix Program Neighborhood or the user's APPSRV.INI file located by default in '\Document and Settings\%username%\Application Data\ICAClient\'.

The ICA Win32 Web Client, ICA Win32 Program Neighborhood Client, and ICA Win32 Program Neighborhood Agent is affected.

Citrix credits Andre van der Lingen of Interpay Netherlands bv and Robert-Jan Mora of Hoffmann Investigations bv with reporting this flaw.

The vendor was notified on September 14, 2004.

The original advisory, including some demonstration exploit code, is available at:

http://www.hoffmannbv.nl/forensisch/nieuws/citrixkeyboardlogger.html
Impact:   A local user can monitor ICA keystrokes.
Solution:   The vendor has issued a fixed version (8.1 and later), available at:

http://www.citrix.com/site/SS/downloads/index.asp
Vendor URL:  support.citrix.com/kb/entry.jspa?entryID=5536&categoryID=149 (Links to External Site)
Cause:   Access control error
Underlying OS:   Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Fri, 19 Nov 2004 16:27:05 -0500
Subject:  http://support.citrix.com/kb/entry.jspa?entryID=5536&categoryID=149


> MetaFrame Presentation Server Client for Win32 debugging functionality could 
> be misused

> Document ID: 	CTX105215

> Products: 	ICA Win32 Web Client, ICA Win32 Program Neighborhood Client, 
> ICA Win32 Program Neighborhood Agent

> Severity: Medium

Citrix rpeorted that the ICA Win32 client version 8.0 and prior versions contain a
debugging feature that allows a local user to create a log containing the keyboard
scan codes transmitted during an ICA connection.

The vendor has issued a fixed version (8.1 and later), available at:

http://www.citrix.com/site/SS/downloads/index.asp

Citrix credits Andre van der Lingen of Interpay Netherlands bv and Robert-Jan Mora of 
Hoffmann Investigations bv with reporting this flaw.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC