[NT] Citrix MetaFrame's Administrator Client Drivers Access

From: SecuriTeam (support_at_securiteam.com)
Date: 05/02/04

Next message: SecuriTeam: "[NEWS] AppleFileServer Remote Command Execution"

Previous message: SecuriTeam: "[NT] Apple QuickTime (QuickTime.qts) Heap Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 2 May 2004 19:04:51 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

Citrix MetaFrame's Administrator Client Drivers Access
------------------------------------------------------------------------

SUMMARY

It is possible for an administrator to mount any client drive available in
any user's Citrix session. The drive has to be mounted on the client
(local or network drive) but does not need to be mounted inside the Citrix
session. Access to the drives is granted as the user running the Citrix
client.

DETAILS

Vulnerable Systems:
* Citrix MetaFrame XP 1.0
* Citrix MetaFrame 1.8

Immune Systems:
* Citrix MetaFrame XP 1.0 with appropriate patch
* Citrix MetaFrame 1.8 with appropriate patch

What Customers Should Do:
This problem is corrected in MetaFrame XP Presentation Server 3.0.

For earlier releases, customers may wish to apply a Hotfix. Hotfixes are
language-specific. Please select the appropriate Hotfix for your version
of MetaFrame Presentation Server available from:
<http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118>
http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118.

ADDITIONAL INFORMATION

The information has been provided by <mailto:patrik@cqure.net> Patrik
Karlsson.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Next message: SecuriTeam: "[NEWS] AppleFileServer Remote Command Execution"

Previous message: SecuriTeam: "[NT] Apple QuickTime (QuickTime.qts) Heap Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[NEWS] Citrix Metaframe XP is vulnerable to Cross Site Scripting
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The Citrix MetaFrame Access Suite is a product that enables users to ... error messages sent to user's web browser. ...
(Securiteam)
[NT] Office Programs Can Browse Restricted Drives
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... * Microsoft Office Service Pack 2 and prior ... After you establish a group policy to restrict access to a drive by ... selecting the Hide these specified drives in My Computer and Prevent ...
(Securiteam)
[NT] Internet Explorer Remote Dos (Memory Access Violation)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... bug in the way IE handles paths to drives in the body of HTML tags can ... the mentioned vulnerability is triggered. ... When the web page with the malicious code loads, the three registers ...
(Securiteam)