=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN018
_____________________________________________________________________

DATE                      : 22/01/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Citrix Presentation Server.

======================================================================
http://support.citrix.com/article/CTX114487
______________________________________________________________________

Vulnerability in Presentation Server's IMA Service could result in 
arbitrary code execution.
Document ID: CTX114487   /   Created On: 15 janv. 2008   /   Updated On: 
15 janv. 2008
Average Rating: 3


Severity: High

Description of Problem

The IMA service is used by Citrix Presentation Server for inter-sever
and management communications. Sending a specifically crafted packet
could result in an internal buffer being overflowed. This could lead to
execution of malicious code in the context of the IMA server process.

This vulnerability is present in all versions of Citrix MetaFrame and
Presentation Server up to and including 4.5, Citrix Access Essentials
and Citrix Desktop Server.

Mitigating Factors

Access to IMA ports 2512 or 2513 would be needed to exploit these
issues. In typical deployments of Citrix Presentation Server these ports
would not be externally accessible.

What Customers Should Do

A hotfix has been released to address both of these issues. Citrix
recommends that affected customers install the hotfix which can be
downloaded from the following locations:

MetaFrame Presentation Server 3.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX115483

FR - http://support.citrix.com/article/CTX115484

DE - http://support.citrix.com/article/CTX115485

JA - http://support.citrix.com/article/CTX115487

ES - http://support.citrix.com/article/CTX115486

MetaFrame Presentation Server 3.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX115488

FR - http://support.citrix.com/article/CTX115489

DE - http://support.citrix.com/article/CTX115490

JA - http://support.citrix.com/article/CTX115492

ES - http://support.citrix.com/article/CTX115491

Citrix Presentation Server 4.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX114960

FR - http://support.citrix.com/article/CTX115236

DE - http://support.citrix.com/article/CTX115234

JA - http://support.citrix.com/article/CTX115237

ES - http://support.citrix.com/article/CTX115235

Citrix Presentation Server 4.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX114961

FR - http://support.citrix.com/article/CTX115229

DE - http://support.citrix.com/article/CTX115232

JA - http://support.citrix.com/article/CTX115233

ES - http://support.citrix.com/article/CTX115231

Citrix Presentation Server 4.0 for Windows Server 2003 x64 Editions:

EN - http://support.citrix.com/article/CTX115611

FR - http://support.citrix.com/article/CTX115612

DE - http://support.citrix.com/article/CTX115613

JA - http://support.citrix.com/article/CTX115615

ES - http://support.citrix.com/article/CTX115614

Citrix Presentation Server 4.5 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX115275

FR - http://support.citrix.com/article/CTX115380

DE - http://support.citrix.com/article/CTX115381

JA - http://support.citrix.com/article/CTX115382

ES - http://support.citrix.com/article/CTX115384

Citrix Presentation Server 4.5 for Windows Server 2003 x64 Editions:

EN - http://support.citrix.com/article/CTX115278

FR - http://support.citrix.com/article/CTX115385

DE - http://support.citrix.com/article/CTX115386

JA - http://support.citrix.com/article/CTX115387

ES - http://support.citrix.com/article/CTX115388

Citrix Access Essentials 1.0:

EN - http://support.citrix.com/article/CTX114961

FR - http://support.citrix.com/article/CTX115229

DE - http://support.citrix.com/article/CTX115232

JA - http://support.citrix.com/article/CTX115233

ES - http://support.citrix.com/article/CTX115231

Citrix Access Essentials 1.5:

EN - http://support.citrix.com/article/CTX114961

FR - http://support.citrix.com/article/CTX115229

DE - http://support.citrix.com/article/CTX115232

JA - http://support.citrix.com/article/CTX115233

ES - http://support.citrix.com/article/CTX115231

Citrix Access Essentials 2.0:

EN - http://support.citrix.com/article/CTX115275

FR - http://support.citrix.com/article/CTX115380

DE - http://support.citrix.com/article/CTX115381

JA - http://support.citrix.com/article/CTX115382

ES - http://support.citrix.com/article/CTX115384

Citrix Desktop Server 1.0:

EN - http://support.citrix.com/article/CTX114878

Citrix Desktop Server 1.0 x64 Edition:

EN - http://support.citrix.com/article/CTX114879

Acknowledgements

Citrix thanks TippingPoint and the Zero Day Initiative for working with
us to protect customers.

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential
security issue. This article is also available from the Citrix Knowledge
Base at http://support.citrix.com/.

Obtaining Support on this Issue

If you require technical assistance with this issue, please contact
Citrix Technical Support. Information for contacting Citrix Technical
Support is available at http://support.citrix.com/.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and
considers any and all potential vulnerabilities very seriously. If you
would like to report a security issue to Citrix, please compose an
e-mail to secure@citrix.com containing the exact version of the product
in which the vulnerability was found and the steps needed to reproduce
the vulnerability.

This document applies to:

     * MetaFrame Presentation Server 3.0 for Microsoft Windows 2000
     * Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows
       2003
     * Citrix Presentation Server 4.0 for Microsoft Windows 2000
     * Citrix Presentation Server 4.0 for Microsoft Windows 2003
     * Citrix Presentation Server 4.0 x64 Edition
     * Citrix Presentation Server 4.5 for Windows Server 2003 Russian
       Edition
     * Citrix Presentation Server 4.5 for Windows Server 2003
     * Citrix Presentation Server 4.5 for Windows Server 2003 x64 Edition
     * Citrix Access Essentials 1.0
     * Citrix Access Essentials 1.5
     * Citrix Access Essentials 2.0
     * Citrix Desktop Server 1.0
     * Citrix Desktop Server 1.0 x64



======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================