|
|
>> Citrix Program Neighborhood Client Overflow and Inormation Disclosure
|
Title : Citrix Program Neighborhood Client Overflow and Inormation Disclosure
VUPEN ID : VUPEN/ADV-2005-2944
CVE ID : CVE-2005-3652 - CVE-2005-4412
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-16
|
|
Two vulnerabilities were identified in Citrix Program Neighborhood Client, which could be exploited by attackers to execute arbitrary commands or disclose sensitive information.
The first issue is due to a buffer overflow error in the UDP based application enumeration mechanism that does not properly handle overly long application names, which could be exploited by attackers to compromise a vulnerable system. For this vulnerability to be exploited the client would have to be explicitly configured to point to a malicious UDP server, or a malicious UDP server would have to be installed on the same subnet as the client.
The second flaw is due to an error in the mechanism used to cache user passwords, which could be exploited by a malicious user to extract the clear text password using a password viewing tool.
Credits
Vulnerabilities reported by iDEFENSE and Dr. Alex Danilychev
ChangeLog
2005-12-16 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
