>> Citrix Products Remote Command Execution and Denial of Service Vulnerabilities
Title : Citrix Products Remote Command Execution and Denial of Service Vulnerabilities VUPEN ID : VUPEN/ADV-2006-4429 CVE ID : CVE-2006-5821 - CVE-2006-5861
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-11-10
Technical Description
Two vulnerabilities have been identified in various Citrix products, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system.
The first vulnerability is due to a heap overflow error in the "IMA_SECURE_DecryptData1()" [ImaSystem.dll] function that does not properly handle specially crafted authentication data received through the Independant Management Architecture (IMA) service [ImaSrv.exe] that listens on TCP port 2512 or 2513, which could be exploited by remote unauthenticated attackers to execute arbitrary commands.
The second issue is due to an input validation error in the Independant Management Architecture (IMA) service that does not properly handle certain packet types, which could be exploited by remote attackers to terminate the IMA process, creating a denial of service condition.