Overview
A heap-based buffer overflow in Citrix Presentation Server may allow a remote attacker to execute arbitrary code on an vulnerable system in the context of the system user.
Description
Citrix Presentation Server is an application delivery system providing access to users accross a network. Presentation Server includes the Independent Management Architecture (IMA) service, which is responsible for the deployment of applications, policies, and other resources of remote hosts. The IMA service (ImaSrv.exe) listens by default on 2512/tcp or 2513/tcp. The service contains a boundary error which can be exploited by an attacker by sending a maliciously crafted packet to port 2512/tcp or 2513/tcp to initiate the buffer overflow. |
Impact
By sending a maliciously crafted packet to port 2512/tcp or 2513/tcp, a remote attacker could execute arbitrary code on an vulnerable system in the context of the system user. |
Solution
Apply the updates to this vulnerability as provided in Citrix Knowledge Center Article CTX114487. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was discovered by Eric Detoisien and reported via TippingPoint/ZDI.
This document was written by Joseph W. Pruszynski.
Other Information
| CVE IDs: | CVE-2008-0356 |
| Severity Metric: | 4.33 |
| Date Public: | 2008-01-17 |
| Date First Published: | 2008-01-22 |
| Date Last Updated: | 2008-01-23 02:06 UTC |
| Document Revision: | 19 |