[NT] Citrix MetaFrame Remote Denial of Service Vulnerability

From: support@securiteam.com
Date: 10/22/01 

From: support@securiteam.com
To: list@securiteam.com
Subject: [NT] Citrix MetaFrame Remote Denial of Service Vulnerability
Message-Id: <20011021223219.E877D138C9@mail.der-keiler.de>
Date: Mon, 22 Oct 2001 00:32:19 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Citrix MetaFrame Remote Denial of Service Vulnerability
------------------------------------------------------------------------

SUMMARY

ISS has discovered a remote Denial of Service (DoS) vulnerability in
Citrix MetaFrame. Citrix MetaFrame is an application server that works
with Windows Terminal Services. This vulnerability causes a MetaFrame
installation to crash or "blue screen" and requires an affected system to
be restarted manually. No local access is needed to exploit this
vulnerability.

DETAILS

Vulnerable systems:
Citrix MetaFrame 1.8 Server with Service Pack 3
Citrix MetaFrame XP Server
Citrix MetaFrame XP Server Service Pack 1

Citrix MetaFrame works with Windows Terminal Services to provide
application server capabilities.

This vulnerability is caused by the improper handling of the establishment
of multiple sessions in the Citrix product. An attacker can initiate
multiple fake sessions with the target server by simulating the protocol
used between the MetaFrame client and server. These sessions pass file
name and other information from client to server before encrypted channels
are established. The server allows a maximum of approximately 52 sessions
to be started. After the sessions time out, new sessions that are
initiated will cause the server to crash. The new sessions cause an
exception whose result is a blue screen. This exception, which is usually
a page fault, can occur in various processes.

Recommendations:
ISS X-Force recommends that all vulnerable MetaFrame customers download
and apply the appropriate Citrix Hotfix for their server platform from the
Citrix Web site. To obtain this Hotfix, connect to the Citrix Web site (
<http://www.citrix.com/support> http://www.citrix.com/support), click the
link to the Solution Knowledge Base, and select Hotfixes and Service Packs
from the Additional Resources menu.

The Hotfixes that apply to the vulnerability described in this Security
Advisory are:

MetaFrame 1.8 with Service Pack 3:
     Windows NT 4.0 Terminal Server:
          English: ME183T012
          German: MG183T012
     Windows 2000:
          English: ME183W018
          German: MG183W018
MetaFrame XP:
     Hotfixes will be made available for MetaFrame XP
     and MetaFrame XP Service Pack 1/Feature Pack 1

Refer to the Hotfixes and Service Packs section of the Citrix Knowledge
Base Web site for more information on patching your system.

ADDITIONAL INFORMATION

The information has been provided by <mailto:xforce@iss.net> X-Force.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages