SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Citrix XenApp (MetaFrame Presentation Server) Vendors:   Citrix
Citrix Presentation Server May Use a Weaker Encryption Algorithm
SecurityTracker Alert ID:  1020026
SecurityTracker URL:  http://securitytracker.com/id/1020026
CVE Reference:   CVE-2008-2299   (Links to External Site)
Updated:  May 22 2008
Original Entry Date:  May 15 2008
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.5 and prior versions
Description:   A vulnerability was reported in Citrix Presentation Server. The system may use the incorrect encryption algorithm.

In certain situations, a remote client may connect to the server using encryption settings that are weaker than the minimum configured by the administrator.

Systems that use SecureICA and ICA Basic encryption are affected.

Citrix Access Essentials versions 2.0 and prior are also affected.

Citrix Desktop Server 1.0 is also affected.

Impact:   The system may use weaker encryption settings than intended.
Solution:   The vendor has issued the following fixes.

Citrix Presentation Server 4.5 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX116289

FR - http://support.citrix.com/article/CTX116290

GE - http://support.citrix.com/article/CTX116291

JA - http://support.citrix.com/article/CTX116292

ES - http://support.citrix.com/article/CTX116293

Citrix Presentation Server 4.5 for Windows Server 2003 x64 Editions:

EN - http://support.citrix.com/article/CTX116294

FR - http://support.citrix.com/article/CTX116295

GE - http://support.citrix.com/article/CTX116296

JA - http://support.citrix.com/article/CTX116298

ES - http://support.citrix.com/article/CTX116299

Citrix Presentation Server 4.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX113484

FR - http://support.citrix.com/article/CTX113778

GE - http://support.citrix.com/article/CTX113779

JA - http://support.citrix.com/article/CTX113781

ES - http://support.citrix.com/article/CTX113780

Citrix Access Essentials 2.0:

EN - http://support.citrix.com/article/CTX116289

FR - http://support.citrix.com/article/CTX116290

GE - http://support.citrix.com/article/CTX116291

JA - http://support.citrix.com/article/CTX116292

ES - http://support.citrix.com/article/CTX116293

Citrix Access Essentials 1.5:

EN - http://support.citrix.com/article/CTX113484

FR - http://support.citrix.com/article/CTX113778

GE - http://support.citrix.com/article/CTX113779

JA - http://support.citrix.com/article/CTX113781

ES - http://support.citrix.com/article/CTX113780

Citrix Access Essentials 1.0:

EN - http://support.citrix.com/article/CTX113484

FR - http://support.citrix.com/article/CTX113778

GE - http://support.citrix.com/article/CTX113779

JA - http://support.citrix.com/article/CTX113781

ES - http://support.citrix.com/article/CTX113780

Citrix Desktop Server 1.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX116805

The vendor's advisory is available at:

http://support.citrix.com/article/CTX114893

Vendor URL:  support.citrix.com/article/CTX114893 (Links to External Site)
Cause:   Access control error
Underlying OS:   Windows (2003)

Message History:   None.


 Source Message Contents

Date:  Wed, 14 May 2008 22:16:40 -0400
Subject:  Citrix Presentation Server


http://support.citrix.com/article/CTX114893
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC