24 May 2007, 11:44

Vulnerability in Citrix Presentation Server enables network security policy bypass

The Session Reliability Service included in several Citrix products can allow attackers to connect to arbitrary ports on the server and thereby bypass security policies on devices such as firewalls, to access services that are otherwise secure. For this to occur, crafted inquiries must be sent to the service.

The company gives no further details about the vulnerability in its security report. Citrix provides hotfixes for the affected products: MetaFrame Presentation Server; Presentation Server and Access Essentials; which eliminate the vulnerabilites. These are accessible via link for the corresponding products in the company's security report. Administrators should quickly apply them to affected installations.

Channels

Services

Vulnerability in Citrix Presentation Server enables network security policy bypass

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit