|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA17032] Citrix Metaframe Presentation Server Policy Filtering Bypass
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Mon Oct 03 2005 - 10:09:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Citrix Metaframe Presentation Server Policy Filtering Bypass
SECUNIA ADVISORY ID:
SA17032
VERIFY ADVISORY:
http://secunia.com/advisories/17032/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
Citrix Presentation Server 4.x
http://secunia.com/product/5270/
Citrix MetaFrame Presentation Server 3.x
http://secunia.com/product/3805/
DESCRIPTION:
Gustavo Gurmandi has reported a vulnerability in Citrix MetaFrame
Presentation Server, which can be exploited by malicious users to
bypass certain security restrictions.
The vulnerability is caused due to a validation error when policy
filtering decisions are made based on the user's client name. This
can be exploited by malicious users to bypass certain policy
restrictions by modifying the client name in the "launch.ica" file
The vulnerability has been reported in the following versions:
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows
2000
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows
2003
* Citrix Presentation Server 4.0 for Microsoft Windows 2000
* Citrix Presentation Server 4.0 for Microsoft Windows 2003
SOLUTION:
Do not use client names for policy filtering decision.
PROVIDED AND/OR DISCOVERED BY:
Gustavo Gurmandi, GrupoITPro Security Research Community.
ORIGINAL ADVISORY:
Citrix:
http://support.citrix.com/kb/entry!default.jspa?categoryID=275&externalID=CTX107705
GrupoITPro Security Research Community:
http://www.grupoitpro.com.ar/ctxpoliciesbypass.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]