Citrix Presentation Server is a product designed to allow remote access to applications over a network. Remote exploitation of an input validation error in Citrix Systems Inc.'s Metaframe Presentation Server 4.0 IMA service may allow an attacker to cause a denial of service (DoS) condition.
Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441
Vulnerable Systems:
* Citrix Presentation Server version 4.0
The IMA (Independent Management Architecture) server component of Citrix's Presentation Server (previously known as Metaframe) contains an input validation error in the handling of certain packet types. By constructing a specific packet, it is possible to cause the service to reference an unmapped memory address. This causes an unhandled exception, which in turn causes the service to exit, resulting in a DoS condition.
Analysis:
Successful exploitation of this vulnerability would allow a remote attacker to cause the IMA server component of the Citrix Presentation Server to crash, preventing access to the resources being shared on the server.
Vendor Response:
The vendor has released the following advisory to address this issue: http://support.citrix.com/article/CTX111186
Disclosure Timeline:
07/03/2006 - Initial vendor notification
07/05/2006 - Initial vendor response
11/09/2006 - Coordinated public disclosure