Citrix Presentation Server IMA Service Heap Overflow Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	01/18/2008
Severity:	High
Applications Affected	Citrix MetaFrame Presentation Server 4.5 and previous

Synopsis

Heap overflow vulnerability has been identified the Citrix MetaFrame Presentation Server 4.5 and previous

Recommended Actions

Upgrade with latest patch.
http://support.citrix.com/article/CTX114487

Threat Analysis

Citrix Presentation Server enables multiple users to log on and run applications in separate, protected sessions on a single server or on multiple servers. You install Citrix Presentation Server on computers running Windows Terminal Services and install and publish the applications or other resources that you want to deploy on computers running Citrix Presentation Server.

Heap overflow vulnerability has been identified in the Independent Management Architecture service, ImaSrv.exe, which listens by default on TCP port 2512 or 2513. This issue occur when application processing a packet with invalid value size. Remote attacker can take advantage of this issue to execute arbitrary code of his own choice.

References

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0356
http://support.citrix.com/article/CTX114487
http://secunia.com/advisories/28508
http://www.securityfocus.com/bid/27329/discuss
http://www.frsirt.com/english/advisories/2008/0172

Write-up by: Vinod Sharma

Security Sites

“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”

Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner

| | | | | | | | |