
SANS ISC: Issues with X11 and Citrix - SANS Internet Storm Center SANS ISC InfoSec Forums


Issues with X11 and Citrix

Remote vulnerabilities have been announced for two graphical user environments: four for an environment which has been around since the beginning of distributed computing, and one for a newer contender.

iDefense have released four vulnerabilities affecting various vendor implementations of the popular X11 server:

  • Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities (CVE-2007-6427)
  • Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability (CVE-2007-6428)
  • Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities (CVE-2007-6429)
  • Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability (CVE-2007-5760)

ZDI have released a remotely exploitable vulnerability affecting the following Citrix products:

  • Metaframe Presentation Server 3.0
  • Presentation Server 4.0, 4.5
  • Access Essentials 1.0, 1.5, 2.0
  • Desktop Server 1.0

Exploiting this vulnerability does not require prior authentication to Citrix.

Citrix Presentation Server IMA Service Heap Overflow Vulnerability (ZDI-08-002)

 

Stephen

ISC Handler
