Description: A vulnerability has been reported in Citrix Presentation Server, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the IMA service (ImaSrv.exe) and can be exploited to cause a buffer overflow via a specially crafted packet sent to port 2512/TCP or 2513/TCP.
Successful exploitation allows execution of arbitrary code.
The vulnerability affects the following products and versions:
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2003
* Citrix Presentation Server 4.0 for Microsoft Windows 2000
* Citrix Presentation Server 4.0 for Microsoft Windows 2003
* Citrix Presentation Server 4.0 x64 Edition
* Citrix Presentation Server 4.5 for Windows Server 2003 Russian Edition
* Citrix Presentation Server 4.5 for Windows Server 2003
* Citrix Presentation Server 4.5 for Windows Server 2003 x64 Edition
* Citrix Access Essentials 1.0
* Citrix Access Essentials 1.5
* Citrix Access Essentials 2.0
* Citrix Desktop Server 1.0
* Citrix Desktop Server 1.0 x64
Provided and/or discovered by: Discovered by Eric DETOISIEN and reported via TippingPoint/ZDI.
Changelog: 2008-01-18: Updated advisory with additional information provided by TippingPoint/ZDI.
2008-01-23: Added link to US-CERT.
2008-02-04: Added CVE reference.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
