微点交流论坛

标题: Citrix Presentation Server IMA Service缓冲溢出 [打印本页]

作者: pioneer 时间: 2008-1-23 09:39 标题: Citrix Presentation Server IMA Service缓冲溢出

来源

secunia.com

软件名

Citrix MetaFrame Presentation Server 3.x
Citrix Presentation Server 4.x
Citrix Access Essentials 1.x
Citrix Access Essentials 2.x
Citrix Desktop Server 1.x

描述

这可恶意危害受影响的系统
IMA服务中的越界访问错误可通过发送特定包到端口2512/TCP或2513/TCP导致缓冲溢出

溢出成功后可执行任意代码

该漏洞影响了以下产品和版本
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2003
* Citrix Presentation Server 4.0 for Microsoft Windows 2000
* Citrix Presentation Server 4.0 for Microsoft Windows 2003
* Citrix Presentation Server 4.0 x64 Edition
* Citrix Presentation Server 4.5 for Windows Server 2003 Russian Edition
* Citrix Presentation Server 4.5 for Windows Server 2003
* Citrix Presentation Server 4.5 for Windows Server 2003 x64 Edition
* Citrix Access Essentials 1.0
* Citrix Access Essentials 1.5
* Citrix Access Essentials 2.0
* Citrix Desktop Server 1.0
* Citrix Desktop Server 1.0 x64

解决方案

应用hotfix（详见厂商建议）
http://support.citrix.com/article/CTX114487

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn