In association with heise online

18 January 2008, 11:46

Citrix servers can execute injected code

Citrix has issued software updates for its server products to rectify a vulnerability that lets attackers remotely inject malicious code and execute it. The fault lies with the IMA service, which is a component of many Citrix server products.

The IMA service, which according to Citrix is responsible for communication between servers and also for management, normally listens on network ports 2512 and 2513. Attackers can provoke a buffer overflow by sending manipulated packets to the service, and thus inject code that then runs in the security context of the IMA service.

The vulnerable service is installed by Citrix MetaFrame and Presentation Servers up to and including 4.5, Citrix Access Essentials and the Citrix Desktop Server. The Citrix security report gives links to updates for the servers concerned, and administrators should apply them urgently. They should also block incoming traffic on ports 2512 and 2513 at the firewall.
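
To confirm that the firewall rule is in effect, an administrator can test from an untrusted network segment whether the two IMA ports still accept connections. The following is an added example, not part of the original article or of any Citrix tooling; the function names and the placeholder address are assumptions.

```python
import socket

IMA_PORTS = (2512, 2513)  # IMA listening ports named in the article


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed', 'filtered' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"        # RST received: nothing listening, or rejected
    except socket.timeout:
        return "filtered"      # no answer: packets are being dropped
    except OSError:
        return "error"         # name resolution or routing failure


def audit_ima_exposure(hosts, ports=IMA_PORTS, timeout=2.0):
    """Return {host: {port: state}} for servers you administer."""
    return {h: {p: probe(h, p, timeout) for p in ports} for h in hosts}


def exposed(report):
    """List the (host, port) pairs that still accept connections."""
    return sorted((h, p) for h, states in report.items()
                  for p, s in states.items() if s == "open")


if __name__ == "__main__":
    # Constructed placeholder address (TEST-NET-1); replace with your servers.
    report = audit_ima_exposure(["192.0.2.10"])
    for host, port in exposed(report):
        print(f"{host}:{port} still reachable, check the firewall rule")
```

Run it from outside the perimeter: a result of "filtered" or "closed" on both ports means the block is working from that vantage point, while "open" means the IMA service is still exposed there.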
