Citrix Patches Presentation Server Security Holes
Citrix Presentation Server gives remote users secure access to applications on the network by making them accessible behind the firewall and encrypting data between the server and client.
Both vulnerabilities stem from a glitch in the Independent Management Architecture (IMA) portion of Presentation Server, which handles inter-server and management communications, Citrix said in a Friday advisory.
In one scenario, an attacker could send a specially designed packet to trigger a buffer overflow, which would enable them to execute malicious code. In the other scenario, a specially designed packet would create a denial of service (DoS) situation, Citrix said.
Fort Lauderdale, Fla.-based Citrix credited TippingPoint's Zero Day Initiative, which pays researchers for turning in unreported vulnerabilities, for discovering the buffer overflow flaw. Citrix credited Verisign's iDefense security research arm for discovering the DoS vulnerability.
Secunia gave the vulnerabilities a combined rating of 'moderately critical', or 3 on a 5-point scale. Symantec DeepSight Threat Management System gave the flaws an aggregate score of 7.9 out of 10.
However, the French Security Incident Response Team (FrSIRT) saw the threat as more severe, slapping a blanket rating of 'critical', or 4 on a 4-point scale, on the vulnerabilities.
