| CVE ID | CVE-2006-5821 |
| CVSS SCORE | |
| AFFECTED VENDORS |
Citrix |
| AFFECTED PRODUCTS |
Metaframe Server |
| TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['4494']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
| VULNERABILITY DETAILS |
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix MetaFrame Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine IMA_SECURE_DecryptData1() defined in ImaSystem.dll and is reachable through the Independant Management Architecture (IMA) service (ImaSrv.exe) that listens on TCP port 2512 or 2513. The encryption scheme used is reversible and relies on several 32-bit fields indicating the size of the packet and the offsets to the authentication strings. During the decryption of authentication data an attacker can specify invalid sizes that result in an exploitable heap corruption. |
| ADDITIONAL DETAILS |
Citrix has issued an update to correct this vulnerability. More details can be found at:
http://support.citrix.com/article/CTX111186 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Eric Detoisien and an anonymous researcher |
