Citrix Provisioning Services up to 5.6 Network Communication memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Citrix Provisioning Services up to 5.6. It has been declared as critical. This affects an unknown part of the component Network Communication Handler. The manipulation results in memory corruption. There is no available exploit. Applying a patch is advised to resolve this issue.
Details
A vulnerability classified as critical has been found in Citrix Provisioning Services up to 5.6 (Connectivity Software). Affected is unknown processing in the component Network Communication Handler. Manipulation with an unknown input leads to memory corruption. The issue is classified as CWE-119: the product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This affects confidentiality, integrity, and availability.
The weakness was disclosed 01/19/2011 via ZDI (website). The advisory is available for download at zerodayinitiative.com. The attack can be launched remotely. Neither technical details nor an exploit are publicly available.
Upgrading to version 5.6 SP1 eliminates this vulnerability. Applying a patch also eliminates the problem. The bugfix is available for download at support.citrix.com. The suggested mitigation is to patch the affected component. Attacks of this kind can also be detected and prevented with TippingPoint filter 10781, which is assigned to the category Exploits.
The vulnerability is also documented in the vulnerability database at Secunia (SA42954). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Website
- Vendor: https://www.citrix.com/
CVSSv3
VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
Exploiting
Class: Memory corruption
CWE: CWE-119
Physical: No
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommended: Patch
Upgrade: Provisioning Services 5.6 SP1
Patch: support.citrix.com
Timeline
01/19/2011
01/19/2011
02/14/2011
04/24/2018
Sources
Vendor: citrix.com
Advisory: zerodayinitiative.com
Researcher: http://www.zerodayinitiative.com
Organization: ZDI
Status: Not defined
GCVE (VulDB): GCVE-100-4248
Secunia: 42954 - Citrix Provisioning Services Packet Handling Buffer Overflow Vulnerability, Moderately Critical
Entry
Created: 02/14/2011 10:56
Updated: 04/24/2018 08:49
Changes: 02/14/2011 10:56 (55), 04/24/2018 08:49 (1)