微点交流论坛

标题: Citrix Presentation Server发布应用程序时的漏洞 [打印本页]

作者: pioneer 时间: 2007-11-17 11:59 标题: Citrix Presentation Server发布应用程序时的漏洞

来源

secunia.com

软件名

Citrix Access Essentials 1.x
Citrix MetaFrame Presentation Server 3.x
Citrix Presentation Server 4.x
Citrix Access Essentials 2.x

描述

这可恶意危害有漏洞的系统
激活ICA连接到Citrix Presentation Server发布应用程序和调用其它潜在的应用程序，可在用户被骗访问恶意网址或打开恶意.ICA文件时在Citrix Presentation Server上可调用已发布特定参数的应用程序

调用成功需要授权目标用户执行发布的应用程序并且Citrix Presentation Server被配置为允许传递参数到发布的应用程序

该漏洞在以下产品中已经确认：
* Access Essentials 1.0
* Citrix Access Essentials 1.5
* Citrix Access Essentials 2.0
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2003
* Citrix Presentation Server 4.0 for Microsoft Windows 2000
* Citrix Presentation Server 4.0 for Microsoft Windows 2003
* Citrix Presentation Server 4.0 x64 Edition
* Citrix Presentation Server 4.5 for Windows Server 2003
* Citrix Presentation Server 4.5 for Windows Server 2003 Feature Pack 1
* Citrix Presentation Server 4.5 for Windows Server 2003 x64 Edition

解决方案

厂商推荐执行最好的安全策略，并且提供了及时更新以确保应用程序名低可预测
Citrix Security Bulletin CTX114938 (Best practices):
http://support.citrix.com/article/CTX114938

Citrix Presentation Server 4.5 for Windows Server 2003:
http://support.citrix.com/article/CTX115275

Citrix Presentation Server 4.5 for Windows Server 2003 x64 Editions:
http://support.citrix.com/article/CTX115278

Citrix Presentation Server 4.0 for Windows 2000 Server:
http://support.citrix.com/article/CTX115276

Citrix Presentation Server 4.0 for Windows Server 2003:
http://support.citrix.com/article/CTX115277

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn