----------------------------------------------------------------------

2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allow you to filter
and structure all the information you need, so you can address issues
effectively.

Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

----------------------------------------------------------------------

TITLE:
Citrix Presentation Server Published Application Execution Weakness

SECUNIA ADVISORY ID:
SA27633

VERIFY ADVISORY:
http://secunia.com/advisories/27633/

CRITICAL:
Not critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Citrix Access Essentials 1.x
http://secunia.com/product/14311/

Citrix MetaFrame Presentation Server 3.x
http://secunia.com/product/3805/

Citrix Presentation Server 4.x
http://secunia.com/product/5270/

Citrix Access Essentials 2.x
http://secunia.com/product/16553/

DESCRIPTION:
A weakness has been reported in Citrix Presentation Server, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

The problem is that published applications, and potentially other
applications, can be launched when an ICA connection to a Citrix
Presentation Server is invoked. This can be exploited to e.g. launch
published applications with specially crafted parameters on a Citrix
Presentation Server when a user is tricked into visiting a malicious
website or opening a malicious .ICA file.

Successful exploitation requires that the target user is authorized to
execute the published application and that the Citrix Presentation
Server is configured e.g. to allow parameters to be passed to published
applications.
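As an added example, not part of the Secunia advisory or of any Citrix
tooling, the following Python audits .ICA launch files for the behaviour
described above. It assumes the INI layout of .ICA files, in which a
published application is referenced as "InitialProgram=#Name", and flags
entries that append parameters, reference a program that is not a
published application, or name an application outside a reviewer-maintained
allowlist; the sample file content is constructed.

```python
import configparser

# Constructed sample .ICA content (not from the advisory): INI sections
# whose InitialProgram key names a published app and appends a parameter.
SAMPLE_ICA = """\
[WFClient]
Version=2

[ApplicationServers]
Notepad=

[Notepad]
Address=ps.example.internal
InitialProgram=#Notepad C:\\Users\\Public\\note.txt
"""


def parse_ica(text):
    """Parse .ICA text as case-preserving INI sections (assumed layout)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.optionxform = str  # keep key case such as 'InitialProgram'
    cp.read_string(text)
    return cp


def audit_initial_program(text, published_allowlist):
    """Return (section, finding) pairs for every InitialProgram entry that
    is not a '#'-prefixed published-app reference, carries parameters after
    the app name, or names an app outside the allowlist."""
    findings = []
    cp = parse_ica(text)
    for section in cp.sections():
        value = cp.get(section, "InitialProgram", fallback=None)
        if value is None:
            continue
        value = value.strip()
        if not value.startswith("#"):
            findings.append((section, "InitialProgram is not a published-app reference"))
            continue
        name, _, params = value[1:].partition(" ")
        if params.strip():
            findings.append((section, f"parameters passed to published app {name!r}"))
        if name not in published_allowlist:
            findings.append((section, f"published app {name!r} not in allowlist"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_initial_program(SAMPLE_ICA, {"Notepad"}):
        print(f"[{section}] {finding}")
```

Running the sample flags the Notepad section for passing a parameter; a file whose InitialProgram entries name only allowlisted published applications without parameters produces no findings.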
The weakness affects the following products:
* Access Essentials 1.0
* Citrix Access Essentials 1.5
* Citrix Access Essentials 2.0
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2003
* Citrix Presentation Server 4.0 for Microsoft Windows 2000
* Citrix Presentation Server 4.0 for Microsoft Windows 2003
* Citrix Presentation Server 4.0 x64 Edition
* Citrix Presentation Server 4.5 for Windows Server 2003
* Citrix Presentation Server 4.5 for Windows Server 2003 Feature Pack 1
* Citrix Presentation Server 4.5 for Windows Server 2003 x64 Edition

SOLUTION:
The vendor recommends implementing security best practices and has
issued a hotfix that makes application names less predictable.

Citrix Security Bulletin CTX114938 (Best practices):
http://support.citrix.com/article/CTX114938

Citrix Presentation Server 4.5 for Windows Server 2003:
http://support.citrix.com/article/CTX115275

Citrix Presentation Server 4.5 for Windows Server 2003 x64 Editions:
http://support.citrix.com/article/CTX115278

Citrix Presentation Server 4.0 for Windows 2000 Server:
http://support.citrix.com/article/CTX115276

Citrix Presentation Server 4.0 for Windows Server 2003:
http://support.citrix.com/article/CTX115277

PROVIDED AND/OR DISCOVERED BY:
.ICA files launching published applications via the "InitialProgram"
key originally reported by wirepair and recently discussed by pdp.

ORIGINAL ADVISORY:
CTX115245:
http://support.citrix.com/article/CTX115245

GNUCITIZEN:
http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------