In association with heise online

22 July 2007, 11:00

Citrix patches Access Gateways


Citrix has reported several bugs in its Access Gateway which attackers can use to spy on sensitive data and hijack the user's system. In Access Gateway Standard Edition 4.5.2 and previous versions and Access Gateway Advanced Edition Version 4.5 with Firmware 4.5.2, there are holes in an ActiveX control and a Firefox plug-in (Net6Helper.DLL and npCtxCAO.dll) which can be used to inject code into a PC and execute it.

The Access Gateway model 2000 with Firmware 4.5.2 also has a vulnerability in the web-based administration interface which can be used to make adjustments without authentication. The software also stores some logon information on the client which an attacker can use to hijack an active session. To eliminate the problem, the manufacturer recommends users install Version 4.5.5 of the firmware (Hotfix AG2000_v455 for Access Gateway Standard Edition 4.5, Hotfix AAC450W001 for Access Gateway Advanced Edition 4.5). Citrix also strongly advises deleting the files Net6Helper.DLL and npCtxCAO.dll from the computer. There are two instances of npCtxCAO.dll in the installed file set. Details can be found in the original bug report.
