certfr_avis - certa-2006-avi-491

CERTA-2006-AVI-491

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Plusieurs vulnérabilités ont été identifiées dans les produits Citrix MetaFrame Presentation Server. Elles concernent le service IMA (pour Independant Management Architecture) , en charge de la communication de serveur à serveur dans le cadre d'une gestion centralisée.

Certains paquets échangés ne seraient pas traités de manière correcte. En particulier, l'une des vulnérabilités impliquerait la fonction IMA_SECURE_DecryptData1() dans la bibliothèque ImaSystem.dll. Une personne malveillante pourrait donc emettre vers les ports en écoute du service IMA (ports TCP 2512 et 2513 par défaut), afin d'exploiter l'une de ces vulnérabilités. Cela lui permettrait d'interrompre inopinément le service, voire d'exécuter, à distance et sous certaines conditions, des commandes arbitraires.

Solution

Se référer au bulletin de sécurité de l'éditeur Citrix pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	Citrix MetaFrame Presentation Server 3.0 pour Microsoft Windows 2003 ;
Citrix	N/A	Citrix MetaFrame Presentation Server 3.0 pour Microsoft Windows 2000 ;
Citrix	N/A	Citrix MetaFrame XP 1.0 pour Microsoft Windows 2000.
Citrix	N/A	Citrix Presentation Server 4.0 x64 Edition ;
Citrix	N/A	Citrix Presentation Server 4.0 pour Microsoft Windows 2003 ;
Citrix	N/A	Citrix Presentation Server 4.0 pour Microsoft Windows 2000 ;

References

Title

Publication Time

Tags

Avis de sécurité Citrix CTX111186 du 08 novembre 2006	None	vendor-advisory
Annonce Zero Day Initiative de TippingPoint (3Com) ZDI-06-038 :	-	other
Bulletin de sécurité Citrix CTX111186 du 08 novembre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix MetaFrame Presentation Server 3.0 pour Microsoft Windows 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix MetaFrame Presentation Server 3.0 pour Microsoft Windows 2000 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix MetaFrame XP 1.0 pour Microsoft Windows 2000.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Presentation Server 4.0 x64 Edition ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Presentation Server 4.0 pour Microsoft Windows 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Presentation Server 4.0 pour Microsoft Windows 2000 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les produits Citrix\nMetaFrame Presentation Server. Elles concernent le service IMA (pour\nIndependant Management Architecture) , en charge de la communication de\nserveur \u00e0 serveur dans le cadre d\u0027une gestion centralis\u00e9e.\n\nCertains paquets \u00e9chang\u00e9s ne seraient pas trait\u00e9s de mani\u00e8re correcte.\nEn particulier, l\u0027une des vuln\u00e9rabilit\u00e9s impliquerait la fonction\nIMA_SECURE_DecryptData1() dans la biblioth\u00e8que ImaSystem.dll. Une\npersonne malveillante pourrait donc emettre vers les ports en \u00e9coute du\nservice IMA (ports TCP 2512 et 2513 par d\u00e9faut), afin d\u0027exploiter l\u0027une\nde ces vuln\u00e9rabilit\u00e9s. Cela lui permettrait d\u0027interrompre inopin\u00e9ment le\nservice, voire d\u0027ex\u00e9cuter, \u00e0 distance et sous certaines conditions, des\ncommandes arbitraires.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur Citrix pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-5821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5821"
    }
  ],
  "links": [
    {
      "title": "Annonce Zero Day Initiative de    TippingPoint (3Com) ZDI-06-038 :",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-2006-038.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX111186 du 08 novembre 2006 :",
      "url": "http://support.citrix.com/article/CTX111186"
    }
  ],
  "reference": "CERTA-2006-AVI-491",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": null,
  "title": "Plusieurs vuln\u00e9rabilit\u00e9s de Citrix MetaFrame",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Citrix CTX111186 du 08 novembre 2006",
      "url": null
    }
  ]
}

CVE-2006-5821 (GCVE-0-2006-5821)

Vulnerability from cvelistv5 – Published: 2006-11-10 23:00 – Updated: 2024-08-07 20:04

Summary

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/451337/100…	mailing-listx_refsource_BUGTRAQ
	http://www.zerodayinitiative.com/advisories/ZDI-0…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securitytracker.com/id?1017205	vdb-entryx_refsource_SECTRACK
	http://support.citrix.com/article/CTX111186	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/20986	vdb-entryx_refsource_BID
	http://secunia.com/advisories/22802	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/4429	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:04:55.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
          },
          {
            "name": "citrix-ima-management-bo(30148)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
          },
          {
            "name": "1017205",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX111186"
          },
          {
            "name": "20986",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20986"
          },
          {
            "name": "22802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22802"
          },
          {
            "name": "ADV-2006-4429",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4429"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
        },
        {
          "name": "citrix-ima-management-bo(30148)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
        },
        {
          "name": "1017205",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX111186"
        },
        {
          "name": "20986",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20986"
        },
        {
          "name": "22802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22802"
        },
        {
          "name": "ADV-2006-4429",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4429"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5821",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
            },
            {
              "name": "citrix-ima-management-bo(30148)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
            },
            {
              "name": "1017205",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017205"
            },
            {
              "name": "http://support.citrix.com/article/CTX111186",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX111186"
            },
            {
              "name": "20986",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20986"
            },
            {
              "name": "22802",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22802"
            },
            {
              "name": "ADV-2006-4429",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4429"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5821",
    "datePublished": "2006-11-10T23:00:00",
    "dateReserved": "2006-11-08T00:00:00",
    "dateUpdated": "2024-08-07T20:04:55.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTA-2006-AVI-491

Description

Solution

CVE-2006-5821 (GCVE-0-2006-5821)

Tags

Sightings

Nomenclature