[THIN] [Fwd: *Sintelli Alert* SID-2004-1023 (Risk 7.6): Citrix MetaFrame ICA Connection Client Drive Access Vulnerability]
- From: George Yobst <george2@xxxxxxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Fri, 30 Apr 2004 10:04:44 -0700
FYI - Severity: Low
-George
-------- Original Message --------
Subject: *Sintelli Alert* SID-2004-1023 (Risk 7.6): Citrix MetaFrame
ICA Connection Client Drive Access Vulnerability
Date: Fri, 30 Apr 2004 09:08:21 +0580
From: Sintelli Alert! <support@xxxxxxxxxxxx>
Reply-To: Sintelli Alert! <support@xxxxxxxxxxxx>
To: sintraq@xxxxxxxxxxxx
Citrix MetaFrame ICA Connection Client Drive Access Vulnerability
SINTELLI ID: SID-2004-1023
CERT ID: NOT AVAILABLE
NESSUS ID: NOT AVAILABLE
BUGTRAQ ID: NOT AVAILABLE
CVE ID: NOT AVAILABLE
PUBLISHED DATE: 28-APR-04
UPDATED DATE: 30-APR-04
REMOTE ATTACK: YES
LOCAL ATTACK: NO
AUTHENTICATION: Authentication Required
OPPORTUNITY: Always
CLASS: Access Validation Error
VERIFICATION: Vendor Confirmed
THREAT: 6.33
IMPACT: 6.33
RISK: 7.6
FIX BEFORE: 13-MAY-04
SYSTEMS AFFECTED
Citrix METAFRAME XP 1.0 for Windows 2000 Server
Citrix METAFRAME XP 1.0 for Windows Server 2003
Citrix METAFRAME XP 1.0 for Windows Terminal Server
Citrix MetaFrame 1.8 for Windows 2000
Citrix MetaFrame 1.8 for Windows Terminal Server
VULNERABILITY SUMMARY
Citrix has reported that Citrix MetaFrame XP Server versions prior to
3.0 could allow unauthorized access to a user's client drive. By
creating a specially-crafted program and using the victim's ICA
connection, an attacker can gain unauthorized access to the vulnerable
client drive.
POTENTIAL IMPACT
Unauthorised access.
DESCRIPTION
Citrix MetaFrame is a remote desktop application that works with the
Windows Terminal Services to provide application server capabilities. A
vulnerability in MetaFrame allows access to another user's client drives.
ATTACK VECTORS
A remote authenticated administrator can use a specially-crafted program
and access another user's client drives via that user's ICA connection.
VULNERABILITY SOLUTION
Citrix has released an advisory (Document ID: CTX103763) for this issue.
Upgrade to the latest version of Citrix MetaFrame XP Server 3.0 or
later. Download URLs are given in the advisory. See References.
FIXES
http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118
ACKNOWLEDGEMENT
Announced by the vendor.
REFERENCES
Web Page:
http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118...
<http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118>
ALERT HISTORY
Version 1: 28 APR 2004.
DISCLAIMER:
The threat, impact, risk and days to fix ratings of this alert are not
tailored to individual users or organisations. Users or organisations
may value alerts differently based upon their circumstances. The
information within this alert may change without notice. Use of the
information within this alert is governed by the terms of the Subscriber
Agreement signed by the user or organisation. Sintelli are not liable
for any consequences arising from either following or not following the
information contained within this alert.
Copyright © 2002-2004 Sintelli Limited
http://www.sintelli.com
--
---------------------------------------------------------------------------
George Yobst, Library Technology Analyst phone: 503.723.4890
Library Information Network of Clackamas County fax: 503.794.8238
16239 SE McLoughlin Blvd, Suite 208 web: http://www.lincc.lib.or.us
Oak Grove, OR 97267-4654 email: george@xxxxxxxxxxxxxxx
"...it is impossible for anyone to begin to learn
what he thinks he already knows." - Epictetus