Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-0356

Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.

Published

2008-01-18T22:00:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	citrix	access_essentials	≤ 2.0	Yes
Application	citrix	desktop_server	1.0	Yes
Application	citrix	metaframe_presentation_server	≤ 4.5	Yes
Application	citrix	presentation_server	*	Yes

References

http://secunia.com/advisories/28508 Vendor Advisory ([email protected])
http://support.citrix.com/article/CTX114487 Patch ([email protected])
http://www.kb.cert.org/vuls/id/412228 US Government Resource ([email protected])
http://www.securityfocus.com/archive/1/486585/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/27329 ([email protected])
http://www.securitytracker.com/id?1019231 ([email protected])
http://www.vupen.com/english/advisories/2008/0172 ([email protected])
http://zerodayinitiative.com/advisories/ZDI-08-002.html ([email protected])
http://secunia.com/advisories/28508 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.citrix.com/article/CTX114487 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/412228 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/486585/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/27329 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1019231 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0172 (af854a3a-2127-422b-91ae-364da2661108)
http://zerodayinitiative.com/advisories/ZDI-08-002.html (af854a3a-2127-422b-91ae-364da2661108)