Time to patch! -George
-------- Original Message --------
Subject: [UPDATED]*Sintelli Alert* SID-2003-3698 (Risk 8.4): Citrix Metaframe XP Cross Site Scripting vulnerability
Date: Wed, 5 Nov 2003 10:39:20 +0580
From: Sintelli Alert! <support@xxxxxxxxxxxx>
Reply-To: Sintelli Alert! <support@xxxxxxxxxxxx>
To: sintraq@xxxxxxxxxxxx

SINTELLI ID: SID-2003-3698
CERT ID: NOT AVAILABLE
BUGTRAQ ID: 8939 <http://online.securityfocus.com/bid/8939>
CVE ID: NOT AVAILABLE

REMOTE ATTACK: YES
LOCAL ATTACK: NO
AUTHENTICATION: No Authentication Needed
OPPORTUNITY: Always
CLASS: Input Validation Error
VERIFICATION: Vendor Confirmed

THREAT: 8
IMPACT: 7.33
RISK: 8.4
FIX BEFORE: Immediate

SYSTEMS AFFECTED
Citrix MetaFrame XP
Microsoft Windows 2000 Workstation
Microsoft Windows 2000 Workstation SP 1
Microsoft Windows 2000 Workstation SP2

VULNERABILITY SUMMARY
Andy Davis has reported a cross site scripting vulnerability in Citrix Metaframe XP based on the manipulation of error messages sent to the user's web browser.

POTENTIAL IMPACT
Information disclosure.

DESCRIPTION
The Citrix MetaFrame Access Suite is a product that enables users to access enterprise applications and information on demand. A cross site scripting vulnerability has been reported that can be exploited by supplying random credentials.

ATTACK VECTORS
When random credentials are supplied, the page returned displays the following error:

https://server/citrix/metaframexp/default/login.asp?NFuse_LogoutId=On&NFuse_MessageType=Error&NFuse_Message=Thex0020credentialsx0020suppliedx0020werex0020invalidx002ex0020x0020Pleasex0020tryx0020againx002e

https://server/citrix/metaframexp/default/login.asp?NFuse_LogoutId=On&NFuse_MessageType=Error&NFuse_Message=<SCRIPT>alert("Vulnerable to XSS")</SCRIPT>

the server processes the HTML and executes the javascript on the user's browser.

VULNERABILITY SOLUTION
Updated version can be downloaded. See Fixes.

FIXES
http://www.mycitrix.com

ACKNOWLEDGEMENT
Discovery credited to Andy Davis.

REFERENCES
Web Page: http://www.irmplc.com/advisory/adv8.htm

ALERT HISTORY
Version 1: 31 OCT 2003.
Version 2: 04 NOV 2003, BID updated.

DISCLAIMER: The threat, impact, risk and days to fix ratings of this alert are not tailored to individual users or organisations. Users or organisations may value alerts differently based upon their circumstances. The information within this alert may change without notice. Use of the information within this alert is governed by the terms of the Subscriber Agreement signed by the user or organisation. Sintelli are not liable for any consequences arising from either following or not following the information contained within this alert.

Copyright © 2002-2003 Sintelli Limited http://www.sintelli.com

---------------------------------------------------------------------------
George Yobst, Library Technology Analyst
Library Information Network of Clackamas County
16239 SE McLoughlin Blvd, Suite 208
Oak Grove, OR 97267-4654
phone: 503.723.4890
fax: 503.794.8238
web: http://www.lincc.lib.or.us
email: george@xxxxxxxxxxxxxxx

"...it is impossible for anyone to begin to learn what he thinks he already knows." - Epictetus
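
Added example (not part of the original message or of Citrix's code): a log-review check for the ATTACK VECTORS section of the alert, which decodes the NFuse_Message parameter of login.asp requests and flags values that are not a plain sentence. The xHHHH decoding and the character allowlist are assumptions inferred from the benign URL in the alert; the function names are hypothetical.

```python
import re
import string
from urllib.parse import urlsplit, parse_qs

# Assumption: the message escapes non-alphanumerics as xHHHH (x0020 = space,
# x002e = "."), inferred from the benign URL quoted in the alert.
_XHEX = re.compile(r"x([0-9a-fA-F]{4})")
# Assumption: a legitimate error message is a plain sentence.
_ALLOWED = set(string.ascii_letters + string.digits + " .,!?:;-")


def decode_message(raw):
    """Undo xHHHH escaping; percent-decoding is already done by parse_qs."""
    return _XHEX.sub(lambda m: chr(int(m.group(1), 16)), raw)


def inspect_request(url):
    """Return (decoded_messages, unexpected_chars) for a login.asp request,
    or None if the URL is not login.asp or carries no NFuse_Message."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/login.asp"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    values = [v for k, vs in query.items() if k.lower() == "nfuse_message" for v in vs]
    if not values:
        return None
    decoded = [decode_message(v) for v in values]
    unexpected = sorted({c for msg in decoded for c in msg if c not in _ALLOWED})
    return decoded, unexpected


def scan(urls):
    """Return the URLs whose NFuse_Message holds characters outside the allowlist."""
    return [u for u in urls if (r := inspect_request(u)) and r[1]]


BASE = ("https://server/citrix/metaframexp/default/login.asp"
        "?NFuse_LogoutId=On&NFuse_MessageType=Error&NFuse_Message=")
SAMPLES = [
    # The two request URLs quoted in the alert.
    BASE + "Thex0020credentialsx0020suppliedx0020werex0020invalidx002ex0020x0020Pleasex0020tryx0020againx002e",
    BASE + '<SCRIPT>alert("Vulnerable to XSS")</SCRIPT>',
    # Constructed: harmless markup, percent-encoded as a web server log would record it.
    BASE + "%3Cb%3Etest%3C%2Fb%3E",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(inspect_request(url))
```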