Issues with X11 and Citrix

Published: 2008-01-18
Last Updated: 2008-01-18 08:22:17 UTC
by Stephen Hall (Version: 1)
0 comment(s)

Remote vulnerabilities for two graphical user environments have been announced, four for an environment which has been around since the beginning of distributed computing, and one with a newer contender.

iDefense have released four vulnerabilities for various vendor implementations of the popular X11 implementations. 

Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities (CVE-2007-6427)
Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability (CVE-2007-6428)
Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities (CVE-2007-6429)
Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability (CVE-2007-5760)

ZDI have released the following remotely exploitable vulnerability for the following products:

  • Metaframe Presentation Server 3.0
  • Presentation Server 4.0, 4.5
  • Access Essentials 1.0, 1.5, 2.0
  • Desktop Server 1.0

This vulnerability does not require previous authentication for Citrix.

Citrix Presentation Server IMA Service Heap Overflow Vulnerability (ZDI-08-002)


0 comment(s)


Diary Archives