Citrix servers can execute injected code
Citrix has issued software updates for its server products to rectify a vulnerability that lets attackers remotely inject malicious code and execute it. The fault lies with the IMA service, which is a component of many Citrix server products.
The IMA service, which according to Citrix is responsible for communication between servers and also for management, normally listens on network ports 2512 and 2513. Attackers can provoke a buffer overflow by sending manipulated packets to the service, and thus inject code that then runs in the security context of the IMA service.
The vulnerable service is installed by Citrix MetaFrame and Presentation Servers up to and including 4.5, Citrix Access Essentials and the Citrix Desktop Server. The Citrix security report gives links to updates for the servers concerned, and administrators should incorporate them urgently. They should also block access at the firewall to incoming traffic on ports 2512 and 2513.
- Vulnerability in Presentation Server's IMA Service could result in arbitrary code execution, security report from Citrix