


Category:   Device (Embedded Server/Appliance)  >   Citrix Access Gateway
Vendors:   Citrix
Citrix Access Gateway Discloses Information That May Let Remote Users Compromise the Appliance
SecurityTracker Alert ID:  1017228
SecurityTracker URL:
CVE Reference:   CVE-2006-6573
Updated:  Jun 2 2008
Original Entry Date:  Nov 15 2006
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Appliance versions 4.2, 4.2.1, 4.2.2
Description:   A vulnerability was reported in the Citrix Access Gateway appliance. A remote user can view files on the target system.

When Advanced Access Control is used with an Access Gateway appliance, a remote user can gain access to data on the target Access Gateway appliance. This information could allow a remote user to compromise the target appliance.

The Access Gateway 4.5 Advanced Edition and Access Gateway 4.2 Advanced Edition products (i.e., Access Gateway 4.2 with Advanced Access Control 4.2) are affected on appliance versions 4.2, 4.2.1, and 4.2.2.

Access Gateway appliances that do not use Advanced Access Control are not affected.

Citrix credits Thierry Zoller and Laurent Kempenaar of Telindus PSF with reporting this vulnerability.

Impact:   A remote user can obtain data from the target appliance that may allow the remote user to compromise the appliance.
Solution:   The vendor has issued a fixed version (4.2.3), available at:

Version 4.5 customers should access the My Citrix Portal, in the Support > Downloads > Product Software section.

The Citrix advisory is available at:

Vendor URL:
Cause:   Access control error

Message History:   None.
