TITLE:
Citrix Program Neighborhood Client Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA18068

VERIFY ADVISORY:
http://secunia.com/advisories/18068/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

SOFTWARE:
Citrix Program Neighborhood Client 9.x
http://secunia.com/product/5221/
Citrix Program Neighborhood Client 8.x
http://secunia.com/product/4985/

DESCRIPTION:
A vulnerability has been reported in Citrix Program Neighborhood Client, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the client when handling UDP-based application enumeration replies. This can be exploited to cause a buffer overflow via an overly long application name in a specially crafted UDP packet.

Successful exploitation requires that the client is configured to communicate with a malicious server, or that a malicious server is installed on the same subnet as the client.

The vulnerability has been reported in version 9.1 and prior, for 32-bit and 64-bit Windows.

Note: It is also reportedly possible to reveal the user's cached password by using a viewing tool to extract the clear text password from the password field. Password caching is not enabled by default.

SOLUTION:
Update to version 9.150 or later.
http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755

PROVIDED AND/OR DISCOVERED BY:
The vendor credits iDEFENSE and Dr. Alex Danilychev.

ORIGINAL ADVISORY:
http://support.citrix.com/article/CTX108354
http://support.citrix.com/article/CTX108108

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------
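As an added illustration of the bug class in the DESCRIPTION above (example code, not Citrix's, using a hypothetical length-prefixed reply layout because the advisory does not describe the real wire format): a client-side parser that bounds-checks the application name taken from an enumeration reply, with the unsafe copy it replaces shown in the comment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply layout, not the real Citrix browser protocol (the advisory
 * does not describe it): one length byte followed by that many name bytes. */
#define APP_NAME_MAX 32   /* constructed size of the client's fixed name buffer */

struct app_entry { char name[APP_NAME_MAX]; };

/* The unsafe pattern behind the advisory is trusting the length claimed by the
 * reply:  memcpy(out->name, pkt + 1, pkt[0]);  with no check against
 * APP_NAME_MAX, so a longer name overruns the buffer. This version checks the
 * claimed length against the bytes actually present and against the
 * destination (leaving room for the terminator); returns 0 on success, -1 if
 * the reply must be dropped. */
int parse_entry_safe(const uint8_t *pkt, size_t pkt_len, struct app_entry *out)
{
    if (pkt == NULL || out == NULL || pkt_len < 1) return -1;
    size_t name_len = pkt[0];
    if (name_len > pkt_len - 1) return -1;      /* truncated reply */
    if (name_len >= APP_NAME_MAX) return -1;    /* overlong name */
    memcpy(out->name, pkt + 1, name_len);
    out->name[name_len] = '\0';
    return 0;
}

/* Constructed sample replies: a normal one, one that claims more bytes than it
 * carries, and one with a 200-byte name (the advisory's overly long name). */
const uint8_t good_reply[] = { 5, 'N', 'o', 't', 'e', 's' };
const uint8_t truncated_reply[] = { 9, 'a', 'b' };
uint8_t overlong_reply[1 + 200];
struct app_entry scratch;

void build_overlong_reply(void)
{
    overlong_reply[0] = 200;
    memset(overlong_reply + 1, 'A', 200);
}

int main(void)
{
    build_overlong_reply();
    printf("good=%d overlong=%d truncated=%d\n",
           parse_entry_safe(good_reply, sizeof good_reply, &scratch),
           parse_entry_safe(overlong_reply, sizeof overlong_reply, &scratch),
           parse_entry_safe(truncated_reply, sizeof truncated_reply, &scratch));
    return 0;
}
```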