Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2011.0047
Vulnerability in Citrix Access Gateway legacy authentication
support could result in command injection
17 January 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Citrix Access Gateway 4.5 Advanced Edition
Citrix Access Gateway 4.5 Standard Edition
Citrix Access Gateway 4.6 Advanced Edition
Citrix Access Gateway 4.6 Standard Edition
Citrix Access Gateway 8.0 Enterprise Edition
Citrix Access Gateway 8.1 Enterprise Edition
Citrix Access Gateway 9.0 Enterprise Edition
Citrix Access Gateway 9.1 Enterprise Edition
Citrix Access Gateway 9.2 Enterprise Edition
Citrix Access Gateway VPX 4.6
Publisher: Citrix
Operating System: Network Appliance
Impact/Access: Root Compromise -- Remote/Unauthenticated
Resolution: Mitigation
CVE Names: CVE-2010-4566
Original Bulletin:
http://support.citrix.com/article/CTX127613
- --------------------------BEGIN INCLUDED TEXT--------------------
Vulnerability in Citrix Access Gateway legacy authentication support could
result in command injection
Document ID: CTX127613 / Created On: 14-Dec-2010 / Updated On:
13-Jan-2011
Average Rating: 3 (2 ratings)
Severity: High
Description of Problem
A vulnerability has been identified in the NT4 authentication component of
Access Gateway Enterprise, and the NTLM authentication component of Access
Gateway Standard Edition that, when exploited, could allow an attacker to
subvert the authentication process. In some cases, this could result in the
attacker being able to execute commands on the appliance in the context of
the root user.
This vulnerability only affects Access Gateway customers that are using the
authentication methods specified above.
The vulnerable components are present in all versions of Access Gateway
Enterprise Edition prior to version 9.2-49.8, and all versions of the Access
Gateway Standard and Advanced Editions prior to Access Gateway 5.0.
What Customers Should Do
The use of the vulnerable authentication methods has been deprecated in the
Access Gateway product line, and support for these methods has also been
removed from the latest versions of these products.
Citrix recommends that affected customers review their use of the deprecated
components, and migrate to another authentication method.
Acknowledgements
Citrix thanks George Gal of VSR (http://www.vsecurity.com/) for working with
us to protect Citrix customers
What Citrix Is Doing
Citrix is notifying customers and channel partners about this potential
security issue. This article is also available from the Citrix Knowledge
Center at http://support.citrix.com/.
Obtaining Support on This Issue
If you require technical assistance with this issue, please contact Citrix
Technical Support. Contact details for Citrix Technical Support are available
at http://www.citrix.com/site/ss/supportContacts.asp.
Reporting Security Vulnerabilities to Citrix
Citrix welcomes input regarding the security of its products and considers any
and all potential vulnerabilities seriously. If you would like to report a
security issue to Citrix, please compose an e-mail to secure@citrix.com stating
the exact version of the product in which the vulnerability was found and the
steps needed to reproduce the vulnerability
This document applies to:
* Access Gateway 4.5 Advanced Edition
* Access Gateway 4.5 Standard Edition
* Access Gateway 4.6 Advanced Edition
* Access Gateway 4.6 Standard Edition
* Access Gateway 8.0 Enterprise Edition
* Access Gateway 8.1 Enterprise Edition
* Access Gateway 9.0 Enterprise Edition
* Access Gateway 9.1 Enterprise Edition
* Access Gateway 9.2 Enterprise Edition
* Access Gateway VPX 4.6
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFNM7OC/iFOrG6YcBERAjoCAKDFNbubiiOXYWoF5BvExed7d1d5iQCgw3JI
j/V1Z9JmTQMrhWtC5Xp9GsM=
=9poc
-----END PGP SIGNATURE-----