Hmm... Yet another vague alert. So which version of Web Interface are they referring to? Offhand, this sounds like the WI 2.0 exploit which WI 2.1 fixes. That was a month ago. Sounds like another company wanting publicity.

Joe

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of George Yobst
Sent: Wednesday, November 05, 2003 10:49 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] [Fwd: [UPDATED]*Sintelli Alert* SID-2003-3698 (Risk 8.4): Citrix Metaframe XP Cross Site Scripting vulnerability]

Time to patch!

-George

-------- Original Message --------
Subject: [UPDATED]*Sintelli Alert* SID-2003-3698 (Risk 8.4): Citrix Metaframe XP Cross Site Scripting vulnerability
Date: Wed, 5 Nov 2003 10:39:20 +0580
From: Sintelli Alert! <support@xxxxxxxxxxxx>
Reply-To: Sintelli Alert! <support@xxxxxxxxxxxx>
To: sintraq@xxxxxxxxxxxx

<http://www.solsoft.com/whitepaper_sintelli>

Citrix Metaframe XP Cross Site Scripting vulnerability

SINTELLI ID: SID-2003-3698
CERT ID: NOT AVAILABLE
BUGTRAQ ID: 8939 <http://online.securityfocus.com/bid/8939>
CVE ID: NOT AVAILABLE
PUBLISHED DATE: 31-OCT-03
UPDATED DATE: 05-NOV-03
REMOTE ATTACK: YES
LOCAL ATTACK: NO
AUTHENTICATION: No Authentication Needed
OPPORTUNITY: Always
CLASS: Input Validation Error
VERIFICATION: Vendor Confirmed
THREAT: 8
IMPACT: 7.33
RISK: 8.4
FIX BEFORE: Immediate

SYSTEMS AFFECTED
Citrix MetaFrame XP
Microsoft Windows 2000 Workstation
Microsoft Windows 2000 Workstation SP 1
Microsoft Windows 2000 Workstation SP2

VULNERABILITY SUMMARY
Andy Davis has reported a cross site scripting vulnerability in Citrix Metaframe XP based on the manipulation of error messages sent to the user's web browser.

POTENTIAL IMPACT
Information disclosure.

DESCRIPTION
The Citrix MetaFrame Access Suite is a product that enables users to access enterprise applications and information on demand. A cross site scripting vulnerability has been reported that can be exploited by supplying random credentials.

ATTACK VECTORS
When random credentials are supplied, the page returned displays the following error:

"ERROR: The credentials supplied were invalid. Please try again."

The text used to construct this error message formed part of the URL:

https://server/citrix/metaframexp/default/login.asp?NFuse_LogoutId=On&NFuse_MessageType=Error&NFuse_Message=Thex0020credentialsx0020suppliedx0020werex0020invalidx002ex0020x0020Pleasex0020tryx0020againx002e

If the URL is changed to the following:

https://server/citrix/metaframexp/default/login.asp?NFuse_LogoutId=On&NFuse_MessageType=Error&NFuse_Message=<SCRIPT>alert("Vulnerable to XSS")</SCRIPT>

the server processes the HTML and executes the javascript on the user's browser.

VULNERABILITY SOLUTION
Updated version can be downloaded. See Fixes.

FIXES
http://www.mycitrix.com

ACKNOWLEDGEMENT
Discovery credited to Andy Davis.

REFERENCES
Web Page: http://www.irmplc.com/advisory/adv8.htm

ALERT HISTORY
Version 1: 31 OCT 2003.
Version 2: 04 NOV 2003, BID updated.

DISCLAIMER:
The threat, impact, risk and days to fix ratings of this alert are not tailored to individual users or organisations. Users or organisations may value alerts differently based upon their circumstances. The information within this alert may change without notice. Use of the information within this alert is governed by the terms of the Subscriber Agreement signed by the user or organisation. Sintelli are not liable for any consequences arising from either following or not following the information contained within this alert.

Copyright (C) 2002-2003 Sintelli Limited
http://www.sintelli.com

---------------------------------------------------------------------------
George Yobst, Library Technology Analyst          phone: 503.723.4890
Library Information Network of Clackamas County   fax: 503.794.8238
16239 SE McLoughlin Blvd, Suite 208               web: http://www.lincc.lib.or.us
Oak Grove, OR 97267-4654                          email: george@xxxxxxxxxxxxxxx

"...it is impossible for anyone to begin to learn what he thinks he already knows." - Epictetus

********************************************************
This Week's Sponsor - RTO Software / TScale
What's keeping you from getting more from your terminal servers? Did you know, in most cases, CPU Utilization IS NOT the single biggest constraint to scaling up?! Get this free white paper to understand the real constraints & how to overcome them. SAVE MONEY by scaling-up rather than buying more servers.
http://www.rtosoft.com/Enter.asp?ID=147
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

New! Online Thin Computing Magazine Site
http://www.OnDemandAccess.com

For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
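
Added example, not part of the alert or the list posts and not Citrix's code: a Python model of the reflected error message described under ATTACK VECTORS, beside an output-escaped version, a key-based alternative and a check for request logs. The xNNNN decoding is inferred only from the URL quoted in the alert; the function names and the message table are hypothetical.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: inferred only from the URL in the alert, where x0020 stands for a
# space and x002e for a full stop ("x" + four hex digits = one character).
_ESCAPED_CHAR = re.compile(r"x([0-9a-fA-F]{4})")
_MARKUP_CHARS = re.compile(r"[<>\"'&]")

# Hypothetical message table: the URL carries a key, never the text itself.
MESSAGES = {"invalid_credentials": "The credentials supplied were invalid.  Please try again."}


def decode_message(raw):
    """Turn the xNNNN sequences back into characters."""
    return _ESCAPED_CHAR.sub(lambda m: chr(int(m.group(1), 16)), raw)


def render_reflected(raw):
    """The flawed pattern the alert describes: parameter text goes into the page as-is."""
    return '<p class="error">ERROR: ' + decode_message(raw) + "</p>"


def render_escaped(raw):
    """Decode first, then HTML-escape, so the browser shows the text instead of parsing it."""
    return '<p class="error">ERROR: ' + html.escape(decode_message(raw), quote=True) + "</p>"


def render_by_key(key):
    """Stronger design: unknown keys fall back to a fixed generic message."""
    text = MESSAGES.get(key, "An error occurred.")
    return '<p class="error">ERROR: ' + html.escape(text) + "</p>"


def message_has_markup(url):
    """Detection check for request logs: does NFuse_Message decode to markup characters?"""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("NFuse_Message", [])
    return any(_MARKUP_CHARS.search(decode_message(v)) for v in values)


# Sample inputs built from the two URLs quoted in the alert.
BASE = "https://server/citrix/metaframexp/default/login.asp?NFuse_LogoutId=On&NFuse_MessageType=Error&NFuse_Message="
BENIGN = "Thex0020credentialsx0020suppliedx0020werex0020invalidx002ex0020x0020Pleasex0020tryx0020againx002e"
PROBE = '<SCRIPT>alert("Vulnerable to XSS")</SCRIPT>'

if __name__ == "__main__":
    for msg in (BENIGN, PROBE):
        print(message_has_markup(BASE + msg), render_escaped(msg))
```
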