[THIN] Re: PN Agent 8 vulnerability....

Yes that's the same way I got it earlier this week and posted it to
you all then.

It works just fine to get the full client package...

ThinFan


On 4/29/05, Jim Kenzig Kenzig.com <jkenzig@xxxxxxxxx> wrote:
> Don't beat up on them..the version 9 MSI is now available.
> http://download2.citrix.com/FILES/en/products/client/ica/client9.0/Ica32Pkg.msi
> JK
> 
> Joe Shonk  wrote:
> 
> 
> 
> CTX Version:
> http://support.citrix.com/kb/entry.jspa?externalID=CTX105650
> 
>  
> 
> Nice of the NOT to fix the 8.x client… 9 is their recommendation yet 9 just
> got pulled! Nice…  Now we have someone other than Microsoft to beat up on…
> 
>  
> 
> Joe
> 
>  
> ________________________________
> 
> 
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
> Of Jim Kenzig http://thethin.net
> Sent: Friday, April 29, 2005 9:02 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] PN Agent 8 vulnerability....
> 
>  
> 
> 
> From secunia.com....
> 
> Secunia Advisory:
> 
>  
> 
> SA15108
> 
>   
> 
> 
> Release Date:
> 
> 2005-04-26
> 
> 
> Last Update:
> 
> 2005-04-27
> 
> 
> http://secunia.com/advisories/15108/
> 
> 
>  
> 
> 
> Moderately critical
> 
> 
> Impact:
> 
> System access
> 
> 
> Where:
> 
> From remote
> 
> 
> Solution Status:
> 
> Vendor Patch
> 
> 
>  
> 
> 
> Software:
> 
> Citrix Program Neighborhood Agent 8.x
> 
>  
> 
> 
>  
> 
> Select a product and view a complete list of all Patched/Unpatched Secunia
> advisories affecting it.
> 
> 
>  
> 
> 
> Description:
> Patrik Karlsson has reported two vulnerabilities in Citrix Program
> Neighborhood Agent, which can be exploited by malicious people to compromise
> a user's system.
> 
> 1) A boundary error in the caching of information received from servers can
> be exploited to cause a stack-based buffer overflow and execute arbitrary
> code on a client system.
> 
> 2) A design error allows arbitrary shortcuts to be created on a client
> system with the privileges of the logged in user. This can be exploited to
> eg. execute arbitrary programs when a user logs in the next time by placing
> a shortcut in the Startup folder.
> 
> Successful exploitation requires that the client has been configured to
> point to a malicious server.
> 
> The following clients are affected:
> * Program Neighborhood Agent for Win32
> * Citrix MetaFrame Presentation Server client for WinCE (versions including
> Program Neighborhood Agent)
> 
> Solution:
> The vulnerabilities have been addressed in the listed client versions below,
> which are available at:
> http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755
> 
> * Program Neighborhood Agent for Win32 versions 9.0 and later.
> * Citrix MetaFrame Presentation Server client for WinCE versions 8.33 and
> later.
> 
> Provided and/or discovered by:
> Patrik Karlsson
> 
> Changelog:
> 2005-04-27: Added additional information provided by iDEFENSE.
> 
> Original Advisory:
> Citrix:
> http://support.citrix.com/kb/ent...?entryID=6156&categoryID=149
> 
> iDEFENSE:
> http://www.idefense.com/applicat...?id=237&type=vulnerabilities
> http://www.idefense.com/applicat...?id=238&type=vulnerabilities
> 
> 
>  
> 
> 
> Please note: The information, which this Secunia Advisory is based upon,
> comes from third party unless stated otherwise.
> 
> Secunia collects, validates, and verifies all vulnerability reports issued
> by security research groups, vendors, and others.
> 
> 
>  
> 
>

Other related posts: