Critical holes in products from Citrix
Citrix has released an update to close two holes in several of its products. The problems stem from flaws in the IMA (Independent Management Architecture) service, which handles network communication between various systems and management services. A crafted packet sent to the IMA server on TCP port 2512 or 2513 could cause a heap overflow in an authentication module (ImaSystem.dll). That in turn could be used to inject code into a vulnerable system and execute it with the service's rights, according to an advisory from the Zero Day Initiative. No prior authentication is required for an attack. Packets with invalid name lengths can crash the IMA process.
The error is present in all versions of Citrix MetaFrame XP and Presentation Server up to and including 4.0. This encompasses:
- Citrix MetaFrame IMA Management Module Remote Heap Overflow, flaw advisory from ZDI
- Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability, flaw advisory from iDefense