Citrix XenServer Multiple Security Updates

A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.1.

The following vulnerabilities have been addressed:

  • CVE-2013-1918: Several long latency operations are not pre-emptible
  • CVE-2013-1919: Several access permission issues with IRQs for unprivileged guests
  • CVE-2013-1952: VT-d interrupt remapping source validation flaw for bridges
  • CVE-2013-1964: grant table hypercall acquire/release imbalance

Mitigating Factors

Customers on versions of XenServer prior to XenServer 6.0 are only affected by CVE-2013-1918, which is a host denial of service attack.

Vulnerability in Citrix Access Gateway Standard Edition 5.0 could result in unauthorized access to network resources

A vulnerability has been identified in Citrix Access Gateway Standard Edition that could allow an unauthenticated user to gain access to network resources.

This vulnerability has been assigned the following CVE number:

• CVE-2013-2263

This vulnerability affects all 5.0.x versions of the Citrix Access Gateway Standard Edition appliance firmware earlier than 5.0.4.223524.

Citrix Access Gateway Standard Edition versions 4.5.x and 4.6.x are not affected by this vulnerability.

What Customers Should Do

Vulnerability in Citrix XenApp could result in arbitrary code execution

A vulnerability has been identified in the XML Service interface of XenApp that could potentially be used by a remote, unauthenticated attacker to execute arbitrary code in the context of a service account on a XenApp server. The vulnerability could potentially be exploited by sending a specially crafted packet to the vulnerable component.

This vulnerability affects Citrix XenApp versions 6.5 both with, and without, Feature Pack 1.

This vulnerability has been assigned the following CVE:

• CVE-2012-5161

Mitigating Factors

In order to exploit this issue, the attacker would need to be able to access the XML Service interface. In a normal deployment, the XML Service would not be directly exposed to the Internet.

What Customers Should Do

Hotfixes have been released to address this issue. Citrix strongly recommends that all customers install these hotfixes, which can be downloaded from the following locations:

Citrix XenApp 6.5 for Windows Server 2008 R2 with Feature Pack 1: CTX135025 – Hotfix XA650R01W2K8R2X64033 – For Citrix XenApp 6.5 for Windows Server 2008 R2 – English

Customers that are not able to upgrade to XenApp 6.5 with Feature Pack 1 may use the hotfix for the release version of XenApp 6.5 which is available at the following location: Citrix XenApp 6.5 for Windows Server 2008 R2: CTX135499 – Hotfix XA650W2K8R2X64036 – For Citrix XenApp 6.5 for Windows Server 2008 R2 – English

Read more about this vulnerability here.

Security vulnerabilities in Citrix Access Gateway Standard Edition

Three security vulnerabilities have been identified in Access Gateway Standard Edition:

    • Directory traversal in Access Gateway Standard Edition 5.0.x prior to version 5.0.4 (critical severity)

    • Access Gateway Standard Edition 5.0.x can act as an open proxy (high severity)

    • Text content injection in Access Gateway Standard Edition 5.0.3 and 5.0.4 (low severity)

Access Gateway Standard Edition versions 4.5.x and 4.6.x and currently supported versions of NetScaler Access Gateway Enterprise Edition are not affected by these vulnerabilities.

What Customers Should Do

A patch for version 5.0.4 of the Access Gateway Standard Edition firmware has been released to address these vulnerabilities. Citrix strongly recommends that all customers using affected versions of Access Gateway Standard Edition apply this patch to their appliances as soon as possible. This patch can be found at the following location:

https://www.citrix.com/English/ss/downloads/results.asp?productID=15005&c1=pov2305020&c2=sot36239

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at http://www.citrix.com/site/ss/supportContacts.asp.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. If you would like to report a security issue to Citrix, please compose an e-mail to secure@citrix.com stating the exact version of the product in which the vulnerability was found and the steps needed to reproduce the vulnerability.

Read the original KB article here.

Citrix XenServer multiple security updates

A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.0.2.

The following issues have been addressed:

• 64-bit PV guest to host privilege escalation vulnerability. This issue only impacts servers running on Intel processors and could permit a 64-bit PV guest to compromise the XenServer host (CVE-2012-0217).

• Guest denial of service on syscall/sysenter exception generation. This issue could permit user code within a PV guest to crash the guest operating system (CVE-2012-0218).

• Administrative connections to VM consoles through XAPI or XenCenter could be routed to the wrong VM.

Mitigating Factors

Customers that are using only Windows guests, which are never PV guests, are unaffected by the first two issues described above. Customers should refer to the XenServer product documentation for more information on the types of guests available.

What Customers Should Do

Hotfixes have been released to address these issues in all supported versions and update levels of Citrix XenServer. Citrix strongly recommends that customers using Citrix XenServer identify and apply the hotfixes that relate to their deployed versions:

Citrix XenServer 6.0.2:
http://support.citrix.com/article/CTX133166

http://support.citrix.com/article/CTX133174

Citrix XenServer 6.0.0:
http://support.citrix.com/article/CTX133165

http://support.citrix.com/article/CTX133173

Citrix XenServer 5.6 Service Pack 2:
http://support.citrix.com/article/CTX133175

http://support.citrix.com/article/CTX133172


Citrix XenServer 5.6 Feature Pack 1:
http://support.citrix.com/article/CTX133176

http://support.citrix.com/article/CTX133171


Citrix XenServer 5.6:
http://support.citrix.com/article/CTX133180


Citrix XenServer 5.5 Update 2:
http://support.citrix.com/article/CTX133179

http://support.citrix.com/article/CTX133168


Citrix XenServer 5.0 Update 3:
http://support.citrix.com/article/CTX133177

http://support.citrix.com/article/CTX133167

Customers using Citrix XenServer 5.6 in the Common Criteria evaluated configuration should apply the following hotfix:

http://support.citrix.com/article/CTX133184

You can read the entire article here on the Citrix KB support page.

Vulnerability in Citrix XenApp could result in denial of service

Severity: Low

Description of Problem

A vulnerability has been identified in Citrix XenApp that, when triggered, could result in a denial of service.

This vulnerability is present in all versions of Citrix XenApp, formerly known as Presentation Server, up to and including version 6.5.

Mitigating Factors

In order to trigger this vulnerability, an attacker would need to be able to directly access the XenApp server. When deployed according to established best practice, the XenApp server would not be directly exposed and an Internet-based attacker would not be able to trigger this vulnerability.

What Customers Should Do

A hotfix has been released to address this issue. Citrix recommends that affected customers install this hotfix, which can be downloaded from the following locations:


McAfee Security bulletin

Summary

Who should read this document:
Technical and Security Personnel

Impact of Vulnerability:
Security Bypass Remote Code Execution

CVE Number:
None

US CERT Number:
None

Severity Rating:
Critical

Overall CVSS Rating:
7

Recommendations:
Uninstall McAfee Virtual Technician v6.3 or earlier, or re-download and re-install McAfee Virtual Technician v6.4 or later

Security Bulletin Replacement:
None

Caveats:
Internet Explorer must be running for this vulnerability to be exploited

Affected Software:
McAfee Virtual Technician 6.3.0.1911 and earlier


Vulnerability in Citrix Provisioning Services could result in arbitrary code execution

Severity: High

Description of Problem

A vulnerability has been identified in Citrix Provisioning Services that could result in arbitrary code execution. This vulnerability can be triggered by an attacker sending a specially crafted packet to the Provisioning Services server.

This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 6.1.

Mitigating Factors

In a typical deployment, the vulnerable component will not be accessible from the Internet.

What Customers Should Do

This vulnerability has been addressed in a series of hotfixes for affected versions of Citrix Provisioning Services. Citrix strongly recommends that customers apply the required hotfix for their Provisioning Services deployments. These hotfixes can be found at the following locations:

Update on the DLL-preloading remote attack vector

Last week, we released Security Advisory 2269637 notifying customers of a publicly disclosed remote attack vector to a class of vulnerabilities affecting applications that load dynamic-link libraries (DLLs) in an insecure manner. At that time, we also released a tool to help protect systems by disallowing unsafe DLL-loading behavior.