Vulnerability in Citrix Presentation Server's print provider could result in arbitrary code execution

by Vitaly Popovich [Published on 25 Jan. 2007 / Last Updated on 25 Jan. 2007]

Document ID: CTX111686
Created: Jan 23, 2007
Updated: Jan 23, 2007
Products: Citrix Presentation Server 4.0 for Microsoft Windows 2003, Citrix Presentation Server 4.0 for Microsoft Windows 2000, Citrix Presentation Server 4.0 x64 Edition, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2003, Citrix MetaFrame XP 1.0 for Microsoft Windows 2000, Citrix MetaFrame XP 1.0 for Microsoft Windows 2003

Severity: High

Description of Problem

The Citrix print provider is used by Citrix Presentation Server to allow users to print to their local printer from published applications. A buffer overflow vulnerability has been reported in this component; it can be exploited by either:

• A local API call

• An unauthenticated RPC request

This overflow could be used to execute arbitrary code in the context of the Local System account.

This vulnerability is present in all versions of Citrix MetaFrame XP and Presentation Server up to and including 4.0.

Mitigating Factors

Access to the RPC interface would be needed to remotely exploit this issue. In typical deployments of Citrix Presentation Server, this interface would not be externally accessible.

What Customers Should Do

A hotfix has been released to address both of these issues. Citrix recommends that affected customers install the hotfix, which can be downloaded from the following locations:

MetaFrame XP 1.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX111648

FR - http://support.citrix.com/article/CTX111650

GE - http://support.citrix.com/article/CTX111651

JA - http://support.citrix.com/article/CTX111655

ES - http://support.citrix.com/article/CTX111653

MetaFrame XP 1.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX111657

FR - http://support.citrix.com/article/CTX111658

GE - http://support.citrix.com/article/CTX111659

JA - http://support.citrix.com/article/CTX111661

ES - http://support.citrix.com/article/CTX111660

MetaFrame Presentation Server 3.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX111992

FR - http://support.citrix.com/article/CTX111993

GE - http://support.citrix.com/article/CTX111994

JA - http://support.citrix.com/article/CTX111996

ES - http://support.citrix.com/article/CTX111995

MetaFrame Presentation Server 3.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX111970

FR - http://support.citrix.com/article/CTX111972

GE - http://support.citrix.com/article/CTX111973

JA - http://support.citrix.com/article/CTX111971

ES - http://support.citrix.com/article/CTX111974

Citrix Presentation Server 4.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX111949

FR - http://support.citrix.com/article/CTX111950

GE - http://support.citrix.com/article/CTX111951

JA - http://support.citrix.com/article/CTX111953

ES - http://support.citrix.com/article/CTX111952

Citrix Presentation Server 4.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX111925

FR - http://support.citrix.com/article/CTX111926

GE - http://support.citrix.com/article/CTX111927

JA - http://support.citrix.com/article/CTX111929

ES - http://support.citrix.com/article/CTX111928

Citrix Presentation Server 4.0 for Windows Server 2003 x64 Editions:

EN - http://support.citrix.com/article/CTX111643

FR - http://support.citrix.com/article/CTX111645

GE - http://support.citrix.com/article/CTX111644

JA - http://support.citrix.com/article/CTX111654

ES - http://support.citrix.com/article/CTX111652

Acknowledgements

Citrix thanks TippingPoint and the Zero Day Initiative for working with us to protect customers.

What Citrix Is Doing

Citrix is proactively notifying customers and channel partners about this potential security issue. An article containing the information in this bulletin is available from the Citrix Knowledge Base at http://support.citrix.com/.

Obtaining Support on this Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Information for contacting Citrix Technical Support is available at http://support.citrix.com/.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities very seriously. If you would like to report a security issue to Citrix, please compose an e-mail to secure@citrix.com containing the exact version of the product in which the vulnerability was found and steps to reproduce the vulnerability.
