[THIN] Re: PN Agent 8 vulnerability....
- From: "Matthew Shrewsbury" <MShrewsbury@xxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 29 Apr 2005 14:12:37 -0400
Do you have a link on how to do that?
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Senior Network Administrator
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Joe Shonk
Sent: Friday, April 29, 2005 2:08 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: PN Agent 8 vulnerability....
I'll tell you what... The ability to customize and repackage the ICA
Install package in 8/9 is really cool.
Joe
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Kenzig Kenzig.com
Sent: Friday, April 29, 2005 9:30 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: PN Agent 8 vulnerability....
Don't beat up on them..the version 9 MSI is now available.
http://download2.citrix.com/FILES/en/products/client/ica/client9.0/Ica32Pkg.msi
JK
Joe Shonk wrote:
CTX Version:
http://support.citrix.com/kb/entry.jspa?externalID=CTX105650
Nice of them NOT to fix the 8.x client. 9 is their recommendation,
yet 9 just got pulled! Nice. Now we have someone other than Microsoft to
beat up on.
Joe
_____
From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig
http://thethin.net
Sent: Friday, April 29, 2005 9:02 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] PN Agent 8 vulnerability....
From secunia.com....
Secunia Advisory: SA15108 <http://secunia.com/advisories/15108/print/>
Release Date: 2005-04-26
Last Update: 2005-04-27
http://secunia.com/advisories/15108/
Moderately critical <http://secunia.com/about_secunia_advisories/>
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Citrix Program Neighborhood Agent 8.x <http://secunia.com/product/4287/>
Description:
Patrik Karlsson has reported two vulnerabilities in Citrix Program
Neighborhood Agent, which can be exploited by malicious people to
compromise a user's system.
1) A boundary error in the caching of information received from servers
can be exploited to cause a stack-based buffer overflow and execute
arbitrary code on a client system.
2) A design error allows arbitrary shortcuts to be created on a client
system with the privileges of the logged in user. This can be exploited
to e.g. execute arbitrary programs when a user logs in the next time by
placing a shortcut in the Startup folder.
Successful exploitation requires that the client has been configured to
point to a malicious server.
The following clients are affected:
* Program Neighborhood Agent for Win32
* Citrix MetaFrame Presentation Server client for WinCE (versions
including Program Neighborhood Agent)
Solution:
The vulnerabilities have been addressed in the listed client versions
below, which are available at:
http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755
* Program Neighborhood Agent for Win32 versions 9.0 and later.
* Citrix MetaFrame Presentation Server client for WinCE versions 8.33
and later.
Provided and/or discovered by:
Patrik Karlsson
Changelog:
2005-04-27: Added additional information provided by iDEFENSE.
Original Advisory:
Citrix:
http://support.citrix.com/kb/entry.jspa?entryID=6156&categoryID=149
iDEFENSE:
http://www.idefense.com/application/poi/display?id=237&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=238&type=vulnerabilities
Please note: The information, which this Secunia Advisory is based upon,
comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports
issued by security research groups, vendors, and others.