[THIN] [Fwd: [UPDATED]*Sintelli Alert* SID-2003-3698 (Risk 8.4): CitrixMetaframe XP Cross Site Scripting vulnerability]

  • From: George Yobst <george2@xxxxxxxxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Wed, 05 Nov 2003 09:48:57 -0800


Time to patch! -George

-------- Original Message --------
Subject:        [UPDATED]*Sintelli Alert* SID-2003-3698 (Risk 8.4): Citrix
Metaframe XP Cross Site Scripting vulnerability
Date:   Wed, 5 Nov 2003 10:39:20 +0580
From:   Sintelli Alert! <support@xxxxxxxxxxxx>
Reply-To:       Sintelli Alert! <support@xxxxxxxxxxxx>
To:     sintraq@xxxxxxxxxxxx




Citrix Metaframe XP Cross Site Scripting vulnerability

SINTELLI ID:     SID-2003-3698
CERT ID:         NOT AVAILABLE
BUGTRAQ ID:      8939 <http://online.securityfocus.com/bid/8939>
CVE ID:          NOT AVAILABLE

PUBLISHED DATE:  31-OCT-03
UPDATED DATE:    05-NOV-03

REMOTE ATTACK:   YES
LOCAL ATTACK:    NO
AUTHENTICATION:  No Authentication Needed
OPPORTUNITY:     Always
CLASS:           Input Validation Error
VERIFICATION:    Vendor Confirmed

THREAT:          8
IMPACT:          7.33
RISK:            8.4
FIX BEFORE:      Immediate


SYSTEMS AFFECTED
Citrix MetaFrame XP
Microsoft Windows 2000 Workstation
Microsoft Windows 2000 Workstation SP 1
Microsoft Windows 2000 Workstation SP2

VULNERABILITY SUMMARY
Andy Davis has reported a cross site scripting vulnerability in Citrix
Metaframe XP based on the manipulation of error messages sent to the user's
web browser.

POTENTIAL IMPACT
Information disclosure.

DESCRIPTION
The Citrix MetaFrame Access Suite is a product that enables users to
access enterprise applications and information on demand. A cross site
scripting vulnerability has been reported that can be exploited by
supplying random credentials.

ATTACK VECTORS
When random credentials are supplied, the page returned displays the
following error:

"ERROR: The credentials supplied were invalid. Please try again."

The text used to construct this error message formed part of the URL:

https://server/citrix/metaframexp/default/login.asp?NFuse_LogoutId=On&NFuse_MessageType=Error&NFuse_Message=Thex0020credentialsx0020suppliedx0020werex0020invalidx002ex0020x0020Pleasex0020tryx0020againx002e

If the URL is changed to the following:

https://server/citrix/metaframexp/default/login.asp?NFuse_LogoutId=On&NFuse_MessageType=Error&NFuse_Message=<SCRIPT>alert("Vulnerable to XSS")</SCRIPT>

the server processes the HTML and executes the JavaScript on the user's
browser.

VULNERABILITY SOLUTION
Updated version can be downloaded. See Fixes.

FIXES
http://www.mycitrix.com

ACKNOWLEDGEMENT
Discovery credited to Andy Davis.

REFERENCES
Web Page: http://www.irmplc.com/advisory/adv8.htm

ALERT HISTORY
Version 1: 31 OCT 2003.
Version 2: 04 NOV 2003, BID updated.

DISCLAIMER:
The threat, impact, risk and days to fix ratings of this alert are not
tailored to individual users or organisations. Users or organisations
may value alerts differently based upon their circumstances. The
information within this alert may change without notice. Use of the
information within this alert is governed by the terms of the Subscriber
Agreement signed by the user or organisation. Sintelli are not liable
for any consequences arising from either following or not following the
information contained within this alert.

Copyright © 2002-2003 Sintelli Limited
http://www.sintelli.com

---------------------------------------------------------------------------
George Yobst, Library Technology Analyst        phone: 503.723.4890
Library Information Network of Clackamas County   fax: 503.794.8238
16239 SE McLoughlin Blvd, Suite 208         web: http://www.lincc.lib.or.us
Oak Grove, OR 97267-4654                  email: george@xxxxxxxxxxxxxxx
"...it is impossible for anyone to begin to learn
 what he thinks he already knows."  - Epictetus
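
Added example (not part of the Sintelli alert and not Citrix's code): a Python sketch of the reflection the alert describes, showing the NFuse_Message text rendered with and without HTML output encoding, plus a check that flags logged login.asp requests whose NFuse_Message carries markup characters. The function names and sample URLs are assumptions constructed for illustration; output encoding is shown as a general mitigation, not as the vendor's fix.

```python
import html
from urllib.parse import urlsplit, parse_qs

BASE = ("https://server/citrix/metaframexp/default/login.asp"
        "?NFuse_LogoutId=On&NFuse_MessageType=Error&NFuse_Message=")

# Constructed sample requests (not real log data). The first two reuse the
# NFuse_Message values shown in the alert; the third is the second value
# percent-encoded, as it would usually appear in a web server log.
SAMPLE_URLS = [
    BASE + "Thex0020credentialsx0020suppliedx0020werex0020invalidx002e"
           "x0020x0020Pleasex0020tryx0020againx002e",
    BASE + '<SCRIPT>alert("Vulnerable to XSS")</SCRIPT>',
    BASE + "%3CSCRIPT%3Ealert(%22Vulnerable%20to%20XSS%22)%3C/SCRIPT%3E",
]

# Characters that let a reflected value open a tag or break out of an attribute.
MARKUP_CHARS = set("<>\"'")


def nfuse_messages(url):
    """Return every percent-decoded NFuse_Message value in a request URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("NFuse_Message", [])


def render_error_unencoded(message):
    """Behaviour the alert describes: URL text is placed in the page as-is."""
    return f'<p class="error">ERROR: {message}</p>'


def render_error_encoded(message):
    """Same page fragment with HTML output encoding applied to the URL text."""
    return f'<p class="error">ERROR: {html.escape(message, quote=True)}</p>'


def flag_requests(urls):
    """Return the URLs whose NFuse_Message contains markup characters."""
    return [u for u in urls
            if any(MARKUP_CHARS & set(v) for v in nfuse_messages(u))]


if __name__ == "__main__":
    for url in flag_requests(SAMPLE_URLS):
        print("review:", url)
        print("  encoded output:", render_error_encoded(nfuse_messages(url)[0]))
```
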
