CTX Version: http://support.citrix.com/kb/entry.jspa?externalID=CTX105650 Nice of the NOT to fix the 8.x client. 9 is their recommendation yet 9 just got pulled! Nice. Now we have someone other than Microsoft to beat up on. Joe _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig http://thethin.net Sent: Friday, April 29, 2005 9:02 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] PN Agent 8 vulnerability.... From secunia.com.... Secunia Advisory: SA15108 <http://secunia.com/advisories/15108/print/> Release Date: 2005-04-26 Last Update: 2005-04-27 http://secunia.com/advisories/15108/ <http://secunia.com/about_secunia_advisories/> Moderately critical Impact: System access Where: From remote Solution Status: Vendor Patch Software: Citrix Program Neighborhood Agent 8.x <http://secunia.com/product/4287/> Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it. Description: Patrik Karlsson has reported two vulnerabilities in Citrix Program Neighborhood Agent, which can be exploited by malicious people to compromise a user's system. 1) A boundary error in the caching of information received from servers can be exploited to cause a stack-based buffer overflow and execute arbitrary code on a client system. 2) A design error allows arbitrary shortcuts to be created on a client system with the privileges of the logged in user. This can be exploited to eg. execute arbitrary programs when a user logs in the next time by placing a shortcut in the Startup folder. Successful exploitation requires that the client has been configured to point to a malicious server. The following clients are affected: * Program Neighborhood Agent for Win32 * Citrix MetaFrame Presentation Server client for WinCE (versions including Program Neighborhood Agent) Solution: The vulnerabilities have been addressed in the listed client versions below, which are available at: http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755 * Program Neighborhood Agent for Win32 versions 9.0 and later. * Citrix MetaFrame Presentation Server client for WinCE versions 8.33 and later. Provided and/or discovered by: Patrik Karlsson Changelog: 2005-04-27: Added additional information provided by iDEFENSE. Original Advisory: Citrix: http://support.citrix.com/kb/ent...?entryID=6156 <http://support.citrix.com/kb/entry.jspa?entryID=6156&categoryID=149> &categoryID=149 iDEFENSE: http://www.idefense.com/applicat...?id=237 <http://www.idefense.com/application/poi/display?id=237&type=vulnerabilities > &type=vulnerabilities http://www.idefense.com/applicat...?id=238 <http://www.idefense.com/application/poi/display?id=238&type=vulnerabilities > &type=vulnerabilities Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.