T-564: Vulnerabilities in Citrix Licensing administration components

February 24, 2011 - 7:00am

PROBLEM:

Vulnerabilities in Citrix Licensing administration components.

PLATFORM:

Citrix Licensing Administration Console, formerly known as the License Management Console.

ABSTRACT:

The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console.

REFERENCE LINKS:

Citrix ID: CTX128167
SecurityTracker Alert ID: 1025123
Citrix Support

IMPACT ASSESSMENT:

Medium

Discussion:

Citrix has been made aware of a number of vulnerabilities in a third-party component that is used by the Citrix Licensing administration console. These vulnerabilities could potentially allow an unauthorized user to gain access to some license administration functionality, and could also be used to conduct a denial of service against some licensing components.

In order to gain unauthorized access to the administrative interface, interaction from an authorized administrator is required. In a typical deployment, the affected components would not be widely exposed.

Solution:

Citrix is currently working with the third-party vendor to provide fixes for these vulnerabilities, and this bulletin will be updated when the fixes are available. Until these fixes are released, Citrix recommends that customers apply the following additional security measures to help mitigate these issues:

The license server should be configured so that only authorized administrators on a trusted network are able to access the Licensing Administration Console port. This can be achieved with an appropriately configured network or host-based firewall.

When using the Licensing Administration Console, administrators should avoid visiting untrusted websites or clicking on untrusted URLs.

Patches/Software Downloads
Technical Support Checklist - Software

 
