[THIN] Re: PN Agent 8 vulnerability....
- From: Thin Fan <thinfan@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Fri, 29 Apr 2005 15:27:32 -0700
Yes that's the same way I got it earlier this week and posted it to
you all then.
It works just fine to get the full client package...
ThinFan
On 4/29/05, Jim Kenzig Kenzig.com <jkenzig@xxxxxxxxx> wrote:
> Don't beat up on them..the version 9 MSI is now available.
> http://download2.citrix.com/FILES/en/products/client/ica/client9.0/Ica32Pkg.msi
> JK
>
> Joe Shonk wrote:
>
>
>
> CTX Version:
> http://support.citrix.com/kb/entry.jspa?externalID=CTX105650
>
>
>
> Nice of the NOT to fix the 8.x client… 9 is their recommendation yet 9 just
> got pulled! Nice… Now we have someone other than Microsoft to beat up on…
>
>
>
> Joe
>
>
> ________________________________
>
>
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
> Of Jim Kenzig http://thethin.net
> Sent: Friday, April 29, 2005 9:02 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] PN Agent 8 vulnerability....
>
>
>
>
> From secunia.com....
>
> Secunia Advisory:
>
>
>
> SA15108
>
>
>
>
> Release Date:
>
> 2005-04-26
>
>
> Last Update:
>
> 2005-04-27
>
>
> http://secunia.com/advisories/15108/
>
>
>
>
>
> Moderately critical
>
>
> Impact:
>
> System access
>
>
> Where:
>
> From remote
>
>
> Solution Status:
>
> Vendor Patch
>
>
>
>
>
> Software:
>
> Citrix Program Neighborhood Agent 8.x
>
>
>
>
>
>
> Select a product and view a complete list of all Patched/Unpatched Secunia
> advisories affecting it.
>
>
>
>
>
> Description:
> Patrik Karlsson has reported two vulnerabilities in Citrix Program
> Neighborhood Agent, which can be exploited by malicious people to compromise
> a user's system.
>
> 1) A boundary error in the caching of information received from servers can
> be exploited to cause a stack-based buffer overflow and execute arbitrary
> code on a client system.
>
> 2) A design error allows arbitrary shortcuts to be created on a client
> system with the privileges of the logged in user. This can be exploited to
> eg. execute arbitrary programs when a user logs in the next time by placing
> a shortcut in the Startup folder.
>
> Successful exploitation requires that the client has been configured to
> point to a malicious server.
>
> The following clients are affected:
> * Program Neighborhood Agent for Win32
> * Citrix MetaFrame Presentation Server client for WinCE (versions including
> Program Neighborhood Agent)
>
> Solution:
> The vulnerabilities have been addressed in the listed client versions below,
> which are available at:
> http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755
>
> * Program Neighborhood Agent for Win32 versions 9.0 and later.
> * Citrix MetaFrame Presentation Server client for WinCE versions 8.33 and
> later.
>
> Provided and/or discovered by:
> Patrik Karlsson
>
> Changelog:
> 2005-04-27: Added additional information provided by iDEFENSE.
>
> Original Advisory:
> Citrix:
> http://support.citrix.com/kb/ent...?entryID=6156&categoryID=149
>
> iDEFENSE:
> http://www.idefense.com/applicat...?id=237&type=vulnerabilities
> http://www.idefense.com/applicat...?id=238&type=vulnerabilities
>
>
>
>
>
> Please note: The information, which this Secunia Advisory is based upon,
> comes from third party unless stated otherwise.
>
> Secunia collects, validates, and verifies all vulnerability reports issued
> by security research groups, vendors, and others.
>
>
>
>
>
Other related posts:
