Citrix Presentation Server IMA Service Multiple Remote Vulnerabilities
BID:20986
Info
Citrix Presentation Server IMA Service Multiple Remote Vulnerabilities
| Bugtraq ID: | 20986 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-5821 CVE-2006-5861 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 09 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | Eric Detoisien and an anonymous researcher are credited with the discovery of these issues. |
| Vulnerable: |
Citrix Presentation Server 4.0 Citrix MetaFrame XP Presentation Server for Windows 1.0 Citrix MetaFrame XP for MS NT 4.0 Server Terminal Server 1.0 Citrix MetaFrame XP for Microsoft Windows 2003 1.0 Citrix MetaFrame XP for Microsoft Windows 2000 1.0 Citrix MetaFrame Presentation Server 4.0 Citrix MetaFrame Presentation Server 3.0 Citrix MetaFrame XPs Citrix MetaFrame XPe Citrix MetaFrame XPa Citrix MetaFrame XP SP2 Citrix MetaFrame XP SP1 Citrix MetaFrame XP |
| Not Vulnerable: | |
Discussion
Citrix Presentation Server IMA Service Multiple Remote Vulnerabilities
Citrix Presentation Server's IMA service is prone to multiple remote vulnerabilities. These issues include a buffer-overflow vulnerability and a denial-of-service vulnerability.
These issue may allow an attacker to execute arbitrary code on the affected computer or to cause denial-of-service conditions.
Citrix Presentation Server's IMA service is prone to multiple remote vulnerabilities. These issues include a buffer-overflow vulnerability and a denial-of-service vulnerability.
These issue may allow an attacker to execute arbitrary code on the affected computer or to cause denial-of-service conditions.
Exploit / POC
Citrix Presentation Server IMA Service Multiple Remote Vulnerabilities
An attacker can exploit these issues by modifying packets and sending it to an affected computer; the attacker could employ readily available packet creation utliities to manipulate the packet data.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
An attacker can exploit these issues by modifying packets and sending it to an affected computer; the attacker could employ readily available packet creation utliities to manipulate the packet data.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Citrix Presentation Server IMA Service Multiple Remote Vulnerabilities
Solution:
The vendor has released fixes to address these issues. Please the references section for further information.
Citrix Presentation Server 4.0
Citrix MetaFrame XP Presentation Server for Windows 1.0
Citrix MetaFrame XP for Microsoft Windows 2000 1.0
Citrix MetaFrame XP for Microsoft Windows 2003 1.0
Citrix MetaFrame Presentation Server 3.0
Citrix MetaFrame Presentation Server 4.0
Solution:
The vendor has released fixes to address these issues. Please the references section for further information.
Citrix Presentation Server 4.0
-
Citrix Hotfix PSE400R02W2K002 - For Citrix Presentation Server 4.0 for Windows 2000 Server
http://support.citrix.com/servlet/KbServlet/download/11595-102-15580/P SE400R02W2K002.msp -
Citrix Hotfix PSE400R02W2K3002 - For Citrix Presentation Server 4.0 for Windows Server 2003
http://support.citrix.com/servlet/KbServlet/download/11578-102-15563/P SE400R02W2K3002.msp -
Citrix Hotfix PSE400W2K3X64019 - For Citrix Presentation Server 4.0 for Windows Server 2003 x64
http://support.citrix.com/servlet/KbServlet/download/11572-102-15557/P SE400W2K3X64019.msp
Citrix MetaFrame XP Presentation Server for Windows 1.0
-
Citrix Hotfix MPSE300R05W2K011 - For Metaframe Presentation Server 3.0 for Windows 2000 Server
http://support.citrix.com/servlet/KbServlet/download/11600-102-15585/M PSE300R05W2K011.msi
Citrix MetaFrame XP for Microsoft Windows 2000 1.0
-
Citrix Hotfix XE104R02W2K030 - For MetaFrame XP 1.0 for Windows 2000 Server
http://support.citrix.com/servlet/KbServlet/download/11606-102-15594/X E104R02W2K030.msp
Citrix MetaFrame XP for Microsoft Windows 2003 1.0
-
Citrix Hotfix XE104R02W2K3025 - For MetaFrame XP 1.0 for Windows Server 2003
http://support.citrix.com/servlet/KbServlet/download/11582-102-15567/X E104R02W2K3025.msp
Citrix MetaFrame Presentation Server 3.0
-
Citrix Hotfix MPSE300R05W2K3017 - For Metaframe Presentation Server 3.0 for Windows Server 2003
http://support.citrix.com/servlet/KbServlet/download/11587-102-15572/M PSE300R05W2K3017.msi
Citrix MetaFrame Presentation Server 4.0
-
Citrix Hotfix PSE400R02W2K002 - For Citrix Presentation Server 4.0 for Windows 2000 Server
http://support.citrix.com/servlet/KbServlet/download/11595-102-15580/P SE400R02W2K002.msp
References
Citrix Presentation Server IMA Service Multiple Remote Vulnerabilities
References:
References:
- Vulnerabilities in Presentation Server's IMA Service could result in a Denial o (Citrix)
- Citrix Presentation Server Home Page (Citrix)
- Citrix MetaFrame IMA Management Module Remote Heap Overflow (Zero Day Initiative)
- Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability (Eric Detoisien)