CERT Coordination Center


Citrix Presentation Server heap based buffer overflow

Vulnerability Note VU#412228

Original Release Date: 2008-01-22 | Last Revised: 2008-01-23

Overview

A heap-based buffer overflow in Citrix Presentation Server may allow a remote attacker to execute arbitrary code on a vulnerable system in the context of the system user.

Description

Citrix Presentation Server is an application delivery system providing access to users across a network. Presentation Server includes the Independent Management Architecture (IMA) service, which is responsible for the deployment of applications, policies, and other resources of remote hosts. The IMA service (ImaSrv.exe) listens by default on 2512/tcp or 2513/tcp. The service contains a boundary error that an attacker can exploit by sending a maliciously crafted packet to port 2512/tcp or 2513/tcp, which triggers the buffer overflow.

Impact

By sending a maliciously crafted packet to port 2512/tcp or 2513/tcp, a remote attacker could execute arbitrary code on a vulnerable system in the context of the system user.

Solution

Apply the updates to this vulnerability as provided in Citrix Knowledge Center Article CTX114487.
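
The following added example (not part of the original note and not Citrix tooling) parses `netstat -ano` output from a server to show where the IMA ports 2512/tcp and 2513/tcp are listening beyond loopback and which connected peers fall outside an expected set, which helps prioritize hosts for the update. The sample output, the farm address range and the function names are constructed assumptions.

```python
import ipaddress

IMA_PORTS = {2512, 2513}  # default IMA service ports named in the note

# Constructed `netstat -ano` output from a hypothetical Presentation Server host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:2512           0.0.0.0:0              LISTENING       1824
  TCP    127.0.0.1:2513         0.0.0.0:0              LISTENING       1824
  TCP    10.0.0.5:2512          10.0.0.6:49211         ESTABLISHED     1824
  TCP    10.0.0.5:2512          203.0.113.9:51544      ESTABLISHED     1824
  TCP    10.0.0.5:3389          10.0.0.40:50022        ESTABLISHED     1100
"""

# Assumed allow-list: address range of the other farm servers (hypothetical).
FARM_PEERS = [ipaddress.ip_network("10.0.0.0/29")]


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(addr.strip("[]")), int(port)


def audit_ima_exposure(netstat_text, farm_peers):
    """Return (non_loopback_listeners, unexpected_peers) for the IMA ports."""
    listeners, unexpected = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # skips the header row and UDP rows (no State column)
        _, local, remote, state, pid = fields
        l_addr, l_port = split_endpoint(local)
        if l_port not in IMA_PORTS:
            continue
        if state == "LISTENING" and not l_addr.is_loopback:
            listeners.append((str(l_addr), l_port, int(pid)))
        elif state == "ESTABLISHED":
            r_addr, _ = split_endpoint(remote)
            if not any(r_addr in net for net in farm_peers):
                unexpected.append((str(r_addr), l_port))
    return listeners, unexpected


if __name__ == "__main__":
    exposed, peers = audit_ima_exposure(SAMPLE_NETSTAT, FARM_PEERS)
    print("non-loopback IMA listeners:", exposed)
    print("peers outside farm allow-list:", peers)
```

The PID in each listener tuple can be matched against the process list to confirm that the listener is ImaSrv.exe.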

Vendor Information

Citrix

Updated:  January 18, 2008

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Citrix addresses this vulnerability with the updates listed in Citrix Knowledge Center Document CTX114487.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

Credit

This vulnerability was discovered by Eric Detoisien and reported via TippingPoint/ZDI.

This document was written by Joseph W. Pruszynski.

Other Information

CVE IDs: None
Severity Metric: 4.33
Date Public: 2008-01-17
Date First Published: 2008-01-22
Date Last Updated: 2008-01-23 02:06 UTC
Document Revision: 18

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.