Citrix Presentation Server Session Reliability Flaw Lets Remote Users Bypass Security Policy Restrictions
SecurityTracker Alert ID: 1018098
SecurityTracker URL: http://securitytracker.com/id/1018098
CVE Reference: CVE-2007-2850
Updated: May 12 2008
Original Entry Date: May 23 2007
Impact: Host/resource access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 3.0, 4.0

Description:
A vulnerability was reported in the Citrix MetaFrame Presentation Server. A remote user can supply a specially crafted request to connect to arbitrary TCP ports on the target system.
Systems that have the Session Reliability feature disabled are not affected.
The following products and versions are affected:
Citrix MetaFrame Presentation Server 3.0
Citrix Presentation Server 4.0
Citrix Access Essentials 1.0
Citrix Access Essentials 1.5
Citrix credits Andrew Christensen of FortConsult with reporting this vulnerability.

Impact:
A remote user can connect to arbitrary ports on the target system.

Solution:
The vendor has issued the following fixes.
MetaFrame Presentation Server 3.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX112818
FR - http://support.citrix.com/article/CTX112821
DE - http://support.citrix.com/article/CTX112819
JA - http://support.citrix.com/article/CTX112820
ES - http://support.citrix.com/article/CTX112822
MetaFrame Presentation Server 3.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX112813
FR - http://support.citrix.com/article/CTX112816
DE - http://support.citrix.com/article/CTX112814
JA - http://support.citrix.com/article/CTX112815
ES - http://support.citrix.com/article/CTX112817
Citrix Presentation Server 4.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX112844
FR - http://support.citrix.com/article/CTX112847
DE - http://support.citrix.com/article/CTX112845
JA - http://support.citrix.com/article/CTX112848
ES - http://support.citrix.com/article/CTX112846
Citrix Presentation Server 4.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX112839
FR - http://support.citrix.com/article/CTX112842
DE - http://support.citrix.com/article/CTX112840
JA - http://support.citrix.com/article/CTX112843
ES - http://support.citrix.com/article/CTX112841
Citrix Presentation Server 4.0 for Windows Server 2003 x64 Editions:
EN - http://support.citrix.com/article/CTX112886
FR - http://support.citrix.com/article/CTX112887
DE - http://support.citrix.com/article/CTX112888
JA - http://support.citrix.com/article/CTX112890
ES - http://support.citrix.com/article/CTX112889
Citrix Access Essentials 1.0:
EN - http://support.citrix.com/article/CTX112839
FR - http://support.citrix.com/article/CTX112842
DE - http://support.citrix.com/article/CTX112840
ES - http://support.citrix.com/article/CTX112841
Citrix Access Essentials 1.5:
EN - http://support.citrix.com/article/CTX112839
FR - http://support.citrix.com/article/CTX112842
DE - http://support.citrix.com/article/CTX112840
ES - http://support.citrix.com/article/CTX112841
The Citrix advisory is available at:
http://support.citrix.com/article/CTX112964

Vendor URL: support.citrix.com/article/CTX112964

Cause: Access control error

Underlying OS: Windows (2000), Windows (2003)

Message History: None.