You are here

T-541: Citrix Provisioning Services Unspecified Flaw Let's Remote Users Execute Arbitrary Code

January 24, 2011 - 5:34pm

Addthis

PROBLEM:

Citrix Provisioning Services Unspecified Flaw Let's Remote Users Execute Arbitrary Code

PLATFORM:

* Provisioning Services 5.1
* Provisioning Services 5.6

ABSTRACT:

A vulnerability has been identified in Citrix Provisioning Services that could result in arbitrary code execution. This vulnerability can be triggered by an attacker sending a specially crafted packet to the Provisioning Services server. This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6.

reference  LINKS:

Citrix Document ID: CTX127149

IMPACT ASSESSMENT:

High

Discussion:

A vulnerability has been identified in Citrix Provisioning Services that could result in arbitrary code execution. This vulnerability can be triggered by an attacker sending a specially crafted packet to the Provisioning Services server. This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6.

Solution:

This vulnerability has been addressed in Service Pack 1 for Citrix Provisioning Services version 5.6. Citrix recommends that customers apply this service pack to their Provisioning Services 5.6 deployments. The vendor's advisory is available at: http://support.citrix.com/article/CTX127149
 

Addthis