Secunia Security Advisory - A weakness has been reported in Citrix Presentation Server, which potentially can be exploited by malicious people to compromise a vulnerable system.
5fad95c16dec8a3e07cbdf33cfb0b81bd64e1e978979bca8717268b61f0f640b
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Citrix Presentation Server Published Application Execution Weakness
SECUNIA ADVISORY ID:
SA27633
VERIFY ADVISORY:
http://secunia.com/advisories/27633/
CRITICAL:
Not critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Citrix Access Essentials 1.x
http://secunia.com/product/14311/
Citrix MetaFrame Presentation Server 3.x
http://secunia.com/product/3805/
Citrix Presentation Server 4.x
http://secunia.com/product/5270/
Citrix Access Essentials 2.x
http://secunia.com/product/16553/
DESCRIPTION:
A weakness has been reported in Citrix Presentation Server, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
The problem is that published applications and potentially other
applications can be launched when invoking an ICA connection to a
Citrix Presentation Server. This can be exploited to e.g. launch
published applications with specially crafted parameters on a Citrix
Presentation Server when a user is tricked into visiting a malicious
website or opening a malicious .ICA file.
Successful exploitation requires that the target user is authorized
to execute the published application and that the Citrix Presentation
Server is configured e.g. to allow parameters to be passed to
published applications.
The weakness affects the following products:
* Access Essentials 1.0
* Citrix Access Essentials 1.5
* Citrix Access Essentials 2.0
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows
2000
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows
2003
* Citrix Presentation Server 4.0 for Microsoft Windows 2000
* Citrix Presentation Server 4.0 for Microsoft Windows 2003
* Citrix Presentation Server 4.0 x64 Edition
* Citrix Presentation Server 4.5 for Windows Server 2003
* Citrix Presentation Server 4.5 for Windows Server 2003 Feature Pack
1
* Citrix Presentation Server 4.5 for Windows Server 2003 x64 Edition
SOLUTION:
The vendor recommends implementing security best practices and has
issued a hotfix that makes application names less predictable.
Citrix Security Bulletin CTX114938 (Best practices):
http://support.citrix.com/article/CTX114938
Citrix Presentation Server 4.5 for Windows Server 2003:
http://support.citrix.com/article/CTX115275
Citrix Presentation Server 4.5 for Windows Server 2003 x64 Editions:
http://support.citrix.com/article/CTX115278
Citrix Presentation Server 4.0 for Windows 2000 Server:
http://support.citrix.com/article/CTX115276
Citrix Presentation Server 4.0 for Windows Server 2003:
http://support.citrix.com/article/CTX115277
PROVIDED AND/OR DISCOVERED BY:
.ICA files launching published applications via the "InitialProgram"
key originally reported by wirepair and recently discussed by pdp.
ORIGINAL ADVISORY:
CTX115245:
http://support.citrix.com/article/CTX115245
GNUCITIZEN:
http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------