=====================================================================
                            CERT-Renater

                 Information Note No. 2005/VULN779
_____________________________________________________________________

DATE                 : 16/12/2005

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows hosting ICA Win32 Program Neighborhood Client

======================================================================

CTX108354 - Vulnerability in Program Neighborhood client could result in arbitrary code execution

This document was published at: http://support.citrix.com/article/CTX108354

Document ID: CTX108354, Created on: Dec 13, 2005, Updated: Dec 16, 2005

Products: ICA Win32 Program Neighborhood Client

Severity: High

Description of Problem

The Citrix Program Neighborhood client supports a UDP-based application enumeration mechanism. If this functionality is used to present the client with a very long application name, an implementation flaw in the client could result in an internal buffer being overflowed. It is possible that this buffer overflow could be used to execute malicious code within the client process.

The following clients are affected by this issue:

• Citrix Program Neighborhood version 9.1 and earlier for 32-bit and 64-bit Windows

The Citrix Web client and the Citrix Program Neighborhood Agent client are not affected by this vulnerability.

This vulnerability has been assigned the following CVE number:

• CVE-2005-3652 - Citrix Program Neighborhood Name Heap Corruption Vulnerability

Mitigating Factors

For this vulnerability to be exploited, the client would have to be explicitly configured to point to a malicious UDP server, or a malicious UDP server would have to be installed on the same subnet as the client.

What Customers Should Do

This issue has been fixed in versions 9.150 and later of the Program Neighborhood client.

Citrix recommends that affected customers upgrade to a fixed version; updated client packages can be downloaded from the following location:

http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755

Acknowledgements

Citrix thanks iDefense for reporting this issue and working with us to protect customers.

What Citrix Is Doing

Citrix is proactively notifying customers and channel partners about this potential security issue. An article containing the information in this bulletin is available from the Citrix Knowledge Base at http://support.citrix.com/.

Obtaining Support on this Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Information for contacting Citrix Technical Support is available at http://support.citrix.com/.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities very seriously. If you would like to report a security issue to Citrix, please compose an e-mail to secure@citrix.com containing the exact version of the product in which the vulnerability was found and steps to reproduce the vulnerability.

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44       +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41       +
+ 75013 Paris         | email: certsvp@renater.fr  +
=========================================================