[THIN] PN Agent 8 vulnerability....

• From: "Jim Kenzig http://thethin.net" <jimkenz@xxxxxxxxxxxxxx>
• To: thin@xxxxxxxxxxxxx
• Date: Fri, 29 Apr 2005 09:01:34 -0700 (PDT)

From secunia.com....

Secunia Advisory:

 

SA15108
  Release Date:2005-04-26Last 
Update:2005-04-27http://secunia.com/advisories/15108/

Moderately criticalImpact:System access
Where:From remote
Solution Status:Vendor Patch
Software:Citrix Program Neighborhood Agent 8.x

Select a product and view a complete list of all Patched/Unpatched Secunia 
advisories affecting it.
Description:
Patrik Karlsson has reported two vulnerabilities in Citrix Program Neighborhood 
Agent, which can be exploited by malicious people to compromise a user's system.

1) A boundary error in the caching of information received from servers can be 
exploited to cause a stack-based buffer overflow and execute arbitrary code on 
a client system.

2) A design error allows arbitrary shortcuts to be created on a client system 
with the privileges of the logged in user. This can be exploited to eg. execute 
arbitrary programs when a user logs in the next time by placing a shortcut in 
the Startup folder.

Successful exploitation requires that the client has been configured to point 
to a malicious server.

The following clients are affected:
* Program Neighborhood Agent for Win32
* Citrix MetaFrame Presentation Server client for WinCE (versions including 
Program Neighborhood Agent)

Solution:
The vulnerabilities have been addressed in the listed client versions below, 
which are available at:
http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755

* Program Neighborhood Agent for Win32 versions 9.0 and later.
* Citrix MetaFrame Presentation Server client for WinCE versions 8.33 and later.

Provided and/or discovered by:
Patrik Karlsson

Changelog:
2005-04-27: Added additional information provided by iDEFENSE.

Original Advisory:
Citrix:
http://support.citrix.com/kb/ent...?entryID=6156&categoryID=149

iDEFENSE:
http://www.idefense.com/applicat...?id=237&type=vulnerabilities
http://www.idefense.com/applicat...?id=238&type=vulnerabilities


Please note: The information, which this Secunia Advisory is based upon, comes 
from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by 
security research groups, vendors, and others.

• Follow-Ups:
  • [THIN] Re: PN Agent 8 vulnerability....
    • From: Joe Shonk

Other related posts:

• » [THIN] PN Agent 8 vulnerability....
• » [THIN] Re: PN Agent 8 vulnerability....
• » [THIN] Re: PN Agent 8 vulnerability....
• » [THIN] Re: PN Agent 8 vulnerability....
• » [THIN] Re: PN Agent 8 vulnerability....
• » [THIN] Re: PN Agent 8 vulnerability....
• » [THIN] Re: PN Agent 8 vulnerability....
• » [THIN] Re: PN Agent 8 vulnerability....
• » [THIN] Re: PN Agent 8 vulnerability....

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription