SecurityTracker: Citrix MetaFrame Presentation Server Lets Remote Authenticated Administrators Access a Target User's Client Drives

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Citrix XenApp (MetaFrame Presentation Server)

Vendors: Citrix

Citrix MetaFrame Presentation Server Lets Remote Authenticated Administrators Access a Target User's Client Drives

SecurityTracker Alert ID: 1009970

SecurityTracker URL: http://securitytracker.com/id/1009970

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Apr 28 2004

Impact: User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 3.0

Description: A vulnerability was reported in Citrix MetaFrame Presentation Server. An administrator may be able to access another user's client drives.

Citrix reported that a remote authenticated administrator can run a specially crafted program to access a target user's client drives via the target user's ICA connection. No further details were provided.

Impact: A remote authenticated administrator can access a target user's client drives.

Solution: The vulnerability has been fixed in MetaFrame XP Presentation Server 3.0 and in hotfixes for previous releases. The following hotfixes are available [see the Citrix advisory at http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118 for download URLs]:

MetaFrame XP 1.0 for Windows 2000 Server

Hotfix XE103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - English

Hotfix XS103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - Spanish

Hotfix XG103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - German

Hotfix XF103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - French

MetaFrame XP 1.0 for Windows Server 2003

Hotfix XE103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - English

Hotfix XS103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - Spanish

Hotfix XG103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - German

Hotfix XF103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - French

MetaFrame XP 1.0 for Windows Terminal Server

Hotfix XE102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - English

Hotfix XS102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - Spanish

Hotfix XG102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - German

Hotfix XF102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - French

MetaFrame 1.8 for Windows Terminal Server

Hotfix ME184T010 - For MetaFrame 1.8 for Windows Teminal Server - English

Hotfix MG184T010 - For MetaFrame 1.8 for Windows Teminal Server - German

MetaFrame 1.8 for Windows 2000 Server

Hotfix ME184W010 - For MetaFrame 1.8 for Windows 2000 Server - English

Hotfix MG184W010 - For MetaFrame 1.8 for Windows 2000 Server - German

Vendor URL: support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118 (Links to External Site)

Cause: Access control error

Underlying OS: Windows (2000), Windows (2003)

Message History: None.

Source Message Contents

Date: Wed, 28 Apr 2004 08:31:02 -0400
Subject: http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118


http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118

 > Administrators May Be Able To Access Client Drives

 > Document ID: 	CTX103763
 > Created: 	Apr 26, 2004
 > Updated: 	Apr 28, 2004

 > Severity: Low

Affected Products:

       • MetaFrame XP Presentation Server for Windows 1.0

       • MetaFrame 1.8

Citrix reported that a remote authenticated administrator can access another user's client 
drives via that user's ICA connection.

The vulnerability has been fixed in MetaFrame XP Presentation Server 3.0 and in hotfixes 
for previous releases.

The following hotfixes are available [see the Citrix advisory for download URLs]:

MetaFrame XP 1.0 for Windows 2000 Server

       • Hotfix XE103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - English

       • Hotfix XS103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - Spanish

       • Hotfix XG103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - German

       • Hotfix XF103W2K082 - For MetaFrame XP 1.0 for Windows 2000 Server - French

MetaFrame XP 1.0 for Windows Server 2003

       • Hotfix XE103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - English

       • Hotfix XS103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - Spanish

       • Hotfix XG103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - German

       • Hotfix XF103W2K3024 - For MetaFrame XP 1.0 for Windows Server 2003 - French

MetaFrame XP 1.0 for Windows Terminal Server

       • Hotfix XE102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - English

       • Hotfix XS102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - Spanish

       • Hotfix XG102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - German

       • Hotfix XF102T027 - For MetaFrame XP 1.0 for Windows Terminal Server - French

MetaFrame 1.8 for Windows Terminal Server

       • Hotfix ME184T010 - For MetaFrame 1.8 for Windows Teminal Server - English

       • Hotfix MG184T010 - For MetaFrame 1.8 for Windows Teminal Server - German

MetaFrame 1.8 for Windows 2000 Server

       • Hotfix ME184W010 - For MetaFrame 1.8 for Windows 2000 Server - English

       • Hotfix MG184W010 - For MetaFrame 1.8 for Windows 2000 Server - German

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC