Technical Description

Two vulnerabilities have been identified in various Citrix products, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system.

The first vulnerability is due to a heap overflow error in the "IMA_SECURE_DecryptData1()" [ImaSystem.dll] function that does not properly handle specially crafted authentication data received through the Independant Management Architecture (IMA) service [ImaSrv.exe] that listens on TCP port 2512 or 2513, which could be exploited by remote unauthenticated attackers to execute arbitrary commands.

The second issue is due to an input validation error in the Independant Management Architecture (IMA) service that does not properly handle certain packet types, which could be exploited by remote attackers to terminate the IMA process, creating a denial of service condition.

Affected Products

Citrix MetaFrame XP 1.0 for Windows 2000 Server
Citrix MetaFrame XP 1.0 for Windows Server 2003
Citrix MetaFrame Presentation Server 3.0 for Windows 2000 Server
Citrix MetaFrame Presentation Server 3.0 for Windows Server 2003
Citrix Presentation Server 4.0 for Windows 2000 Server
Citrix Presentation Server 4.0 for Windows Server 2003
Citrix Presentation Server 4.0 for Windows Server 2003 x64 Editions

Solution

Apply patches :
http://support.citrix.com/article/CTX111186

References

http://www.vupen.com/english/advisories/2006/4429
http://www.zerodayinitiative.com/advisories/ZDI-06-038.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441

Credits

Vulnerabilities reported by Eric Detoisien

ChangeLog

2006-11-10 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.