Citrix MetaFrame Multiple Vulnerabilities
BID:12821
Info
Citrix MetaFrame Multiple Vulnerabilities
| Bugtraq ID: | 12821 |
| Class: | Unknown |
| CVE: |
CVE-2005-0821 CVE-2005-0822 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 16 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | These vulnerabilities were announced by the vendor. |
| Vulnerable: |
Citrix MetaFrame Password Manager 2.5 Citrix MetaFrame Password Manager 2.0 Citrix MetaFrame Conferencing Manager 3.0 |
| Not Vulnerable: | |
Discussion
Citrix MetaFrame Multiple Vulnerabilities
Citrix MetaFrame is reported prone to multiple vulnerabilities. The following individual issues are reported to exist:
The first issue is reported to affect the Citrix MetaFrame Conferencing Manager application. It is reported that users that are partaking in a conference may have keyboard and mouse control over the conference host even when the conference host has specified that keyboard and mouse control is not permitted.
The second issue is reported to affect the Citrix MetaFrame Password Manager. It is reported that the secondary password may be viewed even if it has been configured as inaccessible.
A local attacker may exploit this vulnerability to view the secondary password assigned to them.
This vulnerability is reported to affect Citrix MetaFrame Password Manager version 2.5 and previous versions.
Citrix MetaFrame is reported prone to multiple vulnerabilities. The following individual issues are reported to exist:
The first issue is reported to affect the Citrix MetaFrame Conferencing Manager application. It is reported that users that are partaking in a conference may have keyboard and mouse control over the conference host even when the conference host has specified that keyboard and mouse control is not permitted.
The second issue is reported to affect the Citrix MetaFrame Password Manager. It is reported that the secondary password may be viewed even if it has been configured as inaccessible.
A local attacker may exploit this vulnerability to view the secondary password assigned to them.
This vulnerability is reported to affect Citrix MetaFrame Password Manager version 2.5 and previous versions.
Exploit / POC
Citrix MetaFrame Multiple Vulnerabilities
No exploit is required.
No exploit is required.
Solution / Fix
Citrix MetaFrame Multiple Vulnerabilities
Solution:
The following Hotfixes are available:
Citrix MetaFrame Password Manager 2.5
Citrix MetaFrame Conferencing Manager 3.0
Solution:
The following Hotfixes are available:
Citrix MetaFrame Password Manager 2.5
-
Citrix MPM250W006.msi
http://support.citrix.com/servlet/KbServlet/download/5926-102-12808/MP M250W006.msi
Citrix MetaFrame Conferencing Manager 3.0
-
Citrix MCM300W012.msi
http://support.citrix.com/servlet/KbServlet/download/5902-102-12783/MC M300W012%20.msi
References
Citrix MetaFrame Multiple Vulnerabilities
References:
References: