=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2011/VULN260
_____________________________________________________________________

DATE                      : 25/03/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Citrix Presentation Server version 4.5,
                              Citrix XenApp version 5, XenApp Fundamentals version 2.0.

======================================================================
http://support.citrix.com/article/CTX128366
______________________________________________________________________

Vulnerability in the ActiveSync feature of Citrix Presentation Server
and XenApp could result in arbitrary code execution

Document ID: CTX128366   /   Created On: 23 mars 2011   /   Updated On: 23 mars 2011


Severity: High


Description of Problem

A vulnerability has been identified in the ActiveSync feature of Citrix
Presentation Server 4.5 and Citrix XenApp 5 that, when triggered, could
result in a arbitrary code execution.

The ActiveSync feature provides users with the ability to remotely
synchronize PDA devices with published applications such as
Microsoft Outlook. When a specially crafted packet is sent to a
vulnerable server, the ActiveSync service terminates unexpectedly.

This vulnerability affects Citrix Presentation Server version 4.5 and
Citrix XenApp 5 for Windows Server 2003. The affected service is
enabled by default on these platforms.


Mitigating Factors

Access to port 28875 on the Presentation Server or XenApp server would be
needed to trigger the vulnerability.

What Customers Should Do

A hotfix has been released to address this issue. Citrix recommends
that affected customers install this hotfix, which can be downloaded
from the following locations:

Citrix Presentation Server 4.5 with Feature Pack/XenApp 5 for
Windows Server 2003 x86:

EN - http://support.citrix.com/article/CTX125534

FR - http://support.citrix.com/article/CTX125535

DE - http://support.citrix.com/article/CTX125536

JA - http://support.citrix.com/article/CTX125704

ES - http://support.citrix.com/article/CTX125537

Citrix Presentation Server 4.5 with Feature Pack/XenApp 5 for Windows Server 2003 x64:

EN - http://support.citrix.com/article/CTX125705

FR - http://support.citrix.com/article/CTX125706

DE - http://support.citrix.com/article/CTX125707

JA - http://support.citrix.com/article/CTX125709

ES - http://support.citrix.com/article/CTX125708

Citrix Access Essentials 2.0:

EN - http://support.citrix.com/article/CTX125534

FR - http://support.citrix.com/article/CTX125535

DE - http://support.citrix.com/article/CTX125536

ES - http://support.citrix.com/article/CTX125537

Citrix also recommends that customers who do not use this feature
disable the Citrix ActiveSync Service even after the hotfix has been
applied.


Acknowledgements

Citrix thanks AbdulAziz Hariri, working with Secunia, for working with us
to protect Citrix customers.

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential
security issue. This article is also available from the
Citrix Knowledge Center at http://support.citrix.com/.


Obtaining Support on This Issue

If you require technical assistance with this issue, please contact
Citrix Technical Support. Contact details for Citrix Technical Support
are available at http://www.citrix.com/site/ss/supportContacts.asp.


Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers
any and all potential vulnerabilities seriously. If you would like to report
a security issue to Citrix, please compose an e-mail to secure@citrix.com
stating the exact version of the product in which the vulnerability was
found and the steps needed to reproduce the vulnerability

This document applies to:

     * Feature Pack 1 for Presentation Server 4.5
     * Presentation Server 4.5 for Windows Server 2003 x64 Edition
     * XenApp 5.0 for Windows Server 2008 x64
     * XenApp 5.0 for Windows Server 2008 x86
     * XenApp Fundamentals 2.0


======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================