Vulnerability in Citrix XenApp could result in denial of service

Severity: Low

Description of Problem

A vulnerability has been identified in Citrix XenApp that, when triggered, could result in a denial of service.

This vulnerability is present in all versions of Citrix XenApp, formerly known as Presentation Server, up to and including version 6.5.

Mitigating Factors

In order to trigger this vulnerability, an attacker would need to be able to directly access the XenApp server. When deployed according to established best practice, the XenApp server would not be directly exposed and an Internet-based attacker would not be able to trigger this vulnerability.

What Customers Should Do

A hotfix has been released to address this issue. Citrix recommends that affected customers install this hotfix, which can be downloaded from the following locations:

 

Citrix XenApp 6.5 for Windows Server 2008 R2:

EN – http://support.citrix.com/article/CTX133001

FR – http://support.citrix.com/article/CTX133229

DE – http://support.citrix.com/article/CTX133230

JA – http://support.citrix.com/article/CTX133231

Citrix XenApp 6.0 for Windows Server 2008 R2:

EN – http://support.citrix.com/article/CTX130473

FR – http://support.citrix.com/article/CTX131529

DE – http://support.citrix.com/article/CTX131527

JA – http://support.citrix.com/article/CTX131528

ES – http://support.citrix.com/article/CTX131530

SC – http://support.citrix.com/article/CTX131531

Citrix XenApp 5 for Windows Server 2008 64-bit Edition:

EN – http://support.citrix.com/article/CTX133131

FR – http://support.citrix.com/article/CTX133134

DE – http://support.citrix.com/article/CTX133132

JA – http://support.citrix.com/article/CTX133133

ES – http://support.citrix.com/article/CTX133135

Citrix XenApp 5 for Windows Server 2008 32-bit Edition:

EN – http://support.citrix.com/article/CTX133126

FR – http://support.citrix.com/article/CTX133129

DE – http://support.citrix.com/article/CTX133127

JA – http://support.citrix.com/article/CTX133128

ES – http://support.citrix.com/article/CTX133130

Citrix Presentation Server 4.5/XenApp 5 for Windows Server 2003 64-bit Edition:

EN – http://support.citrix.com/article/CTX133360

FR – http://support.citrix.com/article/CTX133363

DE – http://support.citrix.com/article/CTX133361

JA – http://support.citrix.com/article/CTX133362

ES – http://support.citrix.com/article/CTX133364

Citrix Presentation Server 4.5/XenApp 5 for Windows Server 2003 32-bit Edition:

EN – http://support.citrix.com/article/CTX133359

FR – http://support.citrix.com/article/CTX133367

DE – http://support.citrix.com/article/CTX133365

JA – http://support.citrix.com/article/CTX133366

ES – http://support.citrix.com/article/CTX133368

 

You can read the original post here at the Citrix knowledgebase.