Exploitable Citrix Security Vulnerability - Patch Now
Citrix security updates should be applied where applicable in corporate environments:
Citrix Security Vulnerability - Patch Now
http://isc.sans.org/diary.html?storyid=2102
http://support.citrix.com/article/CTX111686
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0444
http://www.zerodayinitiative.com/advisories/ZDI-07-006.html
QUOTE: This is for Citrix users: Time to Patch! Another vulnerability was disclosed that affects the Citrix presentation platform. This one, discovered by the ZeroDayInitiative, is a buffer overflow vulnerability and received the CVE ID of CVE-2007-0444 (not much info there) and affects the Citrix Presentation Server 4.0, Metaframe XP 1.0 and Metaframe Presentation Server 3.0.
If successfully exploited, an attacker will be able to run code as System. An exploit for this vulnerability is available, so I really recommend the usual test and patch procedure! Citrix has information about this vulnerability and the proper measures to take.