SecurityTracker.com
Category:   Application (Generic)  >   Citrix XenApp (MetaFrame Presentation Server)
Vendors:   Citrix
Citrix Presentation Server Session Reliability Flaw Lets Remote Users Bypass Security Policy Restrictions
SecurityTracker Alert ID:  1018098
SecurityTracker URL:  http://securitytracker.com/id/1018098
CVE Reference:   CVE-2007-2850
Updated:  May 12 2008
Original Entry Date:  May 23 2007
Impact:   Host/resource access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.0, 4.0
Description:   A vulnerability was reported in the Citrix MetaFrame Presentation Server. A remote user can connect to arbitrary ports.

A remote user can supply a specially crafted request to connect to arbitrary TCP ports on the target system.

Systems that have the Session Reliability feature disabled are not affected.

The following products and versions are affected:

Citrix MetaFrame Presentation Server 3.0
Citrix Presentation Server 4.0
Citrix Access Essentials 1.0
Citrix Access Essentials 1.5

Citrix credits Andrew Christensen of FortConsult with reporting this vulnerability.

Impact:   A remote user can connect to arbitrary ports on the target system.
Solution:   The vendor has issued the following fixes.

MetaFrame Presentation Server 3.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX112818

FR - http://support.citrix.com/article/CTX112821

DE - http://support.citrix.com/article/CTX112819

JA - http://support.citrix.com/article/CTX112820

ES - http://support.citrix.com/article/CTX112822

MetaFrame Presentation Server 3.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX112813

FR - http://support.citrix.com/article/CTX112816

DE - http://support.citrix.com/article/CTX112814

JA - http://support.citrix.com/article/CTX112815

ES - http://support.citrix.com/article/CTX112817

Citrix Presentation Server 4.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX112844

FR - http://support.citrix.com/article/CTX112847

DE - http://support.citrix.com/article/CTX112845

JA - http://support.citrix.com/article/CTX112848

ES - http://support.citrix.com/article/CTX112846

Citrix Presentation Server 4.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX112839

FR - http://support.citrix.com/article/CTX112842

DE - http://support.citrix.com/article/CTX112840

JA - http://support.citrix.com/article/CTX112843

ES - http://support.citrix.com/article/CTX112841

Citrix Presentation Server 4.0 for Windows Server 2003 x64 Editions:

EN - http://support.citrix.com/article/CTX112886

FR - http://support.citrix.com/article/CTX112887

DE - http://support.citrix.com/article/CTX112888

JA - http://support.citrix.com/article/CTX112890

ES - http://support.citrix.com/article/CTX112889

Citrix Access Essentials 1.0:

EN - http://support.citrix.com/article/CTX112839

FR - http://support.citrix.com/article/CTX112842

DE - http://support.citrix.com/article/CTX112840

ES - http://support.citrix.com/article/CTX112841

Citrix Access Essentials 1.5:

EN - http://support.citrix.com/article/CTX112839

FR - http://support.citrix.com/article/CTX112842

DE - http://support.citrix.com/article/CTX112840

ES - http://support.citrix.com/article/CTX112841

The Citrix advisory is available at:

http://support.citrix.com/article/CTX112964

Vendor URL:  support.citrix.com/article/CTX112964
Cause:   Access control error
Underlying OS:   Windows (2000), Windows (2003)

Message History:   None.


 Source Message Contents

Date:  Tue, 22 May 2007 23:16:18 -0400
Subject:  Vulnerability in Citrix Presentation Server's Session Reliability service could result in network security policy bypass


http://support.citrix.com/article/CTX112964

 
 

