Citrix Presentation Server Clients content redirection denial of service
| citrix-content-redirection-dos (35283) |  Low Risk |
Description:
The Citrix Presentation Server Client for Windows is vulnerable to a denial of service, caused by an unspecified vulnerability in the Program Neighborhood Agent. By attempting to access a file containing an overly long path using content redirection, a remote attacker could exploit this vulnerability to crash the agent or possibly launch further attacks on the vulnerable system.
*CVSS:
| Base Score: | 3.5 |
| Access Vector: | Remote |
| Access Complexity: | Low |
| Authentication: | Not Required |
| Confidentiality Impact: | None |
| Integrity Impact: | None |
| Availability Impact: | Partial |
| Temporal Score: | 2.6 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Denial of Service
Remedy:
Refer to CTX113543 for patch, upgrade, or suggested workaround information. See References.
References:
- Citrix Web site: Citrix Presentation Server Clients Version 10.1 (DoS).
- CTX113543: Citrix Presentation Server Client 10.100 Fixed Issues .
- BID-24790: Citrix Presentation Server Client Content-Redirection Denial Of Service Vulnerability
- CVE-2007-3625: The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname.
- SA25897: Citrix Presentation Server Clients Content-Redirection Vulnerability
- SECTRACK ID: 1018343: Citrix Presentation Server Client Lets Remote Users Execute Arbitrary Code
- VUPEN/ADV-2007-2455: Citrix Presentation Server Clients Content Redirection Code Execution Vulnerability
Platforms Affected:
- Citrix Presentation Server Client 10.0
Reported:
Jun 28, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.