SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  MetaFrame Presentation Server Vendors:  Citrix
Citrix MetaFrame Presentation Server Lets Remote Authenticated Administrators Access a Target User's Client Drives
SecurityTracker Alert ID:  1009970
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 28 2004
Impact:  User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): prior to 3.0
Description:  A vulnerability was reported in Citrix MetaFrame Presentation Server. An administrator may be able to access another user's client drives.

Citrix reported that a remote authenticated administrator can run a specially crafted program to access a target user's client drives via the target user's ICA connection. No further details were provided.
Impact:  A remote authenticated administrator can access a target user's client drives.
Solution:  The vulnerability has been fixed in MetaFrame XP Presentation Server 3.0 and in hotfixes for previous releases. The following hotfixes are available [see the Citrix advisory at http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118 for download URLs]:

MetaFrame XP 1.0 for Windows 2000 Server

Hotfix XE103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - English

Hotfix XS103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - Spanish

Hotfix XG103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - German

Hotfix XF103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - French

MetaFrame XP 1.0 for Windows Server 2003

Hotfix XE103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - English

Hotfix XS103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - Spanish

Hotfix XG103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - German

Hotfix XF103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - French

MetaFrame XP 1.0 for Windows Terminal Server

Hotfix XE102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - English

Hotfix XS102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - Spanish

Hotfix XG102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - German

Hotfix XF102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - French

MetaFrame 1.8 for Windows Terminal Server

Hotfix ME184T010 - For MetaFrame 1.8 for Windows Teminal Server - English

Hotfix MG184T010 - For MetaFrame 1.8 for Windows Teminal Server - German

MetaFrame 1.8 for Windows 2000 Server

Hotfix ME184W010 - For MetaFrame 1.8 for Windows 2000 Server - English

Hotfix MG184W010 - For MetaFrame 1.8 for Windows 2000 Server - German
Vendor URL:  support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118 (Links to External Site)
Cause:  Access control error
Underlying OS:  Windows (2000), Windows (2003)

Message History:   None.

 Source Message Contents
Date:  Wed, 28 Apr 2004 08:31:02 -0400
Subject:  http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118

 

http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118

 > Administrators May Be Able To Access Client Drives

 > Document ID: 	CTX103763
 > Created: 	Apr 26, 2004
 > Updated: 	Apr 28, 2004

 > Severity: Low

Affected Products:

       • MetaFrame XP Presentation Server for Windows 1.0

       • MetaFrame 1.8

Citrix reported that a remote authenticated administrator can access another user's client 
drives via that user's ICA connection.

The vulnerability has been fixed in MetaFrame XP Presentation Server 3.0 and in hotfixes 
for previous releases.

The following hotfixes are available [see the Citrix advisory for download URLs]:

MetaFrame XP 1.0 for Windows 2000 Server

       • Hotfix XE103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - English

       • Hotfix XS103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - Spanish

       • Hotfix XG103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - German

       • Hotfix XF103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - French

MetaFrame XP 1.0 for Windows Server 2003

       • Hotfix XE103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - English

       • Hotfix XS103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - Spanish

       • Hotfix XG103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - German

       • Hotfix XF103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - French

MetaFrame XP 1.0 for Windows Terminal Server

       • Hotfix XE102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - English

       • Hotfix XS102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - Spanish

       • Hotfix XG102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - German

       • Hotfix XF102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - French

MetaFrame 1.8 for Windows Terminal Server

       • Hotfix ME184T010 - For MetaFrame 1.8 for Windows Teminal Server - English

       • Hotfix MG184T010 - For MetaFrame 1.8 for Windows Teminal Server - German

MetaFrame 1.8 for Windows 2000 Server

       • Hotfix ME184W010 - For MetaFrame 1.8 for Windows 2000 Server - English

       • Hotfix MG184W010 - For MetaFrame 1.8 for Windows 2000 Server - German


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC