=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2011/VULN152
_____________________________________________________________________

DATE                      : 25/02/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Citrix XenApp, Citrix XenDesktop,
                              Feature Pack 1 for Citrix Presentation Server version 4.5

======================================================================
http://support.citrix.com/article/CTX128169
______________________________________________________________________

Vulnerabilities in XenApp and XenDesktop could result in arbitrary code execution
Document ID: CTX128169   /   Created On: 22 févr. 2011   /   Updated On: 22 févr. 2011


Severity: Critical

Description of Problem

A vulnerability has been identified in the XML Service interface of
XenApp and XenDesktop that could potentially be used by a remote,
unauthenticated attacker to execute arbitrary code in the context of
a service account on a XenApp or XenDesktop server.

The vulnerability could potentially be exploited by sending a specially
crafted packet to the vulnerable component. In deployments where the XML
service is used to validate credentials or tickets provided by external
users, there is a risk that the vulnerability could be exploited by
Internet based attackers.

This vulnerability is present in the following products:

       • All versions of XenApp and XenApp Fundamentals (formerly known
as Access Essentials) up to and including Version 6

       • XenDesktop 4 with, or without, Feature Packs 1 or 2

XenDesktop 5 is not affected by this vulnerability.

Mitigating Factors

The use of an appropriate strong authentication solution can help
to reduce the risks of this issue being exploited by an
Internet-based attacker. Citrix recommends that customers make use
of a strong authentication solution in all Internet-facing deployments.

What Customers Should Do

Hotfixes have been released to address this issue. Citrix strongly
recommends that affected customers install these hotfixes, which
can be downloaded from the following locations:

Citrix XenApp 6 for Windows Server 2008 R2:

EN - http://support.citrix.com/article/CTX127036
FR - http://support.citrix.com/article/CTX128361

DE - http://support.citrix.com/article/CTX128360

JA - http://support.citrix.com/article/CTX128363

ES - http://support.citrix.com/article/CTX128359

SC - http://support.citrix.com/article/CTX128362

Citrix XenApp 5 for Windows Server 2008 x86:

EN - http://support.citrix.com/article/CTX125414

FR - http://support.citrix.com/article/CTX125415

DE - http://support.citrix.com/article/CTX125416

JA - http://support.citrix.com/article/CTX125417

ES - http://support.citrix.com/article/CTX125418

Citrix XenApp 5 for Windows Server 2008 x64:

EN - http://support.citrix.com/article/CTX125419

FR - http://support.citrix.com/article/CTX125420

DE - http://support.citrix.com/article/CTX125421

JA - http://support.citrix.com/article/CTX125422

ES - http://support.citrix.com/article/CTX125423

Citrix Presentation Server 4.5 with Feature Pack/XenApp 5 for Windows Server 2003 x86:

EN - http://support.citrix.com/article/CTX127660

FR - http://support.citrix.com/article/CTX127661

DE - http://support.citrix.com/article/CTX127662

JA - http://support.citrix.com/article/CTX127663

ES - http://support.citrix.com/article/CTX127664

Citrix Presentation Server 4.5 with Feature Pack/XenApp 5 for Windows Server 2003 x64:

EN - http://support.citrix.com/article/CTX127665

FR - http://support.citrix.com/article/CTX127666

DE - http://support.citrix.com/article/CTX127667

JA - http://support.citrix.com/article/CTX127668

ES - http://support.citrix.com/article/CTX127669

Citrix XenDesktop 4 for Windows Server 2003 x86:
EN - http://support.citrix.com/article/CTX128127
JA - http://support.citrix.com/article/CTX128128

Citrix XenDesktop 4 for Windows Server 2003 x64:
EN - http://support.citrix.com/article/CTX128130
JA - http://support.citrix.com/article/CTX128129

Citrix Access Essentials/XenApp Fundamentals 3.0:

EN - http://support.citrix.com/article/CTX125414

FR - http://support.citrix.com/article/CTX125415

DE - http://support.citrix.com/article/CTX125416

JA - http://support.citrix.com/article/CTX125417

ES - http://support.citrix.com/article/CTX125418


Citrix Access Essentials 2.0:

EN - http://support.citrix.com/article/CTX127660

FR - http://support.citrix.com/article/CTX127661

DE - http://support.citrix.com/article/CTX127662

ES - http://support.citrix.com/article/CTX127664

Acknowledgements

Citrix thanks AbdulAziz Hariri, working with iDefense (http://www.idefense.com),
for working with us to protect Citrix customers.

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security
issue. This article is also available from the Citrix Knowledge Center
at http://support.citrix.com/.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact
Citrix Technical Support. Contact details for Citrix Technical Support
are available at http://www.citrix.com/site/ss/supportContacts.asp.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers
any and all potential vulnerabilities seriously. If you would like to
report a security issue to Citrix, please compose an e-mail to
secure@citrix.com stating the exact version of the product in which
the vulnerability was found and the steps needed to reproduce the
vulnerability.

This document applies to:

     * Feature Pack 1 for Presentation Server 4.5
     * XenApp 5.0 for Windows Server 2003 x64
     * XenApp 5.0 for Windows Server 2003 x86
     * XenApp 6.0 for Windows Server 2008 R2
     * XenApp Fundamentals 3.0
     * XenApp Fundamentals 6.0 for Windows Server 2008 R2
     * XenDesktop 4 x32
     * XenDesktop 4 x64



======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================