SecurityTracker.com
Category:   Application (Generic)  >   Citrix Advanced Access Control
Vendors:   Citrix
Citrix Advanced Access Control Lets Remote Authenticated Users Bypass Security Policy
SecurityTracker Alert ID:  1017227
SecurityTracker URL:  http://securitytracker.com/id/1017227
CVE Reference:   CVE-2006-6572
Updated:  Jun 2 2008
Original Entry Date:  Nov 15 2006
Impact:   Host/resource access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.0, 4.2
Description:   A vulnerability was reported in Citrix Advanced Access Control. A remote authenticated user can bypass security policy.

When the Browser-Only access feature is used, the Advanced Access Control implementation may not properly enforce the correct policies on some resources. A remote authenticated user may be able to gain access to resources in violation of configured policies.

Also, when a user login occurs in a specific way, the remote authenticated user may be able to gain access to resources in violation of configured policies.

Access Gateway 4.2 with Advanced Access Control 4.2 (also called Access Gateway 4.2 Advanced Edition) and Advanced Access Control Option 4.0 (previously called Access Gateway Enterprise 4.0) are affected.

Access Gateway Standard Edition and Access Gateway Enterprise Edition are not affected.

Impact:   A remote user can bypass security policy in certain cases.
Solution:   The vendor has issued the following hotfixes.

Advanced Access Control Option 4.0:

EN - http://support.citrix.com/article/CTX110293

FR - http://support.citrix.com/article/CTX111605

GE - http://support.citrix.com/article/CTX111603

JA - http://support.citrix.com/article/CTX111606

ES - http://support.citrix.com/article/CTX111604

Access Gateway 4.2 Advanced Edition:

EN - http://support.citrix.com/article/CTX110439

FR - http://support.citrix.com/article/CTX111609

GE - http://support.citrix.com/article/CTX111607

JA - http://support.citrix.com/article/CTX111610

ES - http://support.citrix.com/article/CTX111608

The Citrix advisories are available at:

http://support.citrix.com/article/CTX111614
http://support.citrix.com/article/CTX111615

Vendor URL:  support.citrix.com/article/CTX111614
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.

