----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

The Public Beta has ended. Thanks to all that participated.

Learn more:
http://secunia.com/network_software_inspector_2/

----------------------------------------------------------------------

TITLE:
Citrix Presentation Server Weakness and Unauthorised Access

SECUNIA ADVISORY ID:
SA30271

VERIFY ADVISORY:
http://secunia.com/advisories/30271/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
>From local network

SOFTWARE:
Citrix Presentation Server 4.x
http://secunia.com/product/5270/
Citrix Access Essentials 1.x
http://secunia.com/product/14311/
Citrix Access Essentials 2.x
http://secunia.com/product/16553/
Citrix Desktop Server 1.x
http://secunia.com/product/17223/

DESCRIPTION:
A vulnerability and a weakness have been reported in Citrix
Presentation Server, which can be exploited by malicious users to
bypass certain security restrictions.

1) An unspecified error within access control to published
applications and published desktops can be exploited to access a
desktop session without authorisation.

2) A weakness in Citrix Presentation Server when using SecureICA or
ICA Basic encryption may allow a client to establish a connection
with encryption settings that are lower than the minimum configured
by the administrator.

NOTE: This weakness does not affect the use of SSL/TLS by Citrix
Presentation Server.

The vulnerability and weakness affect the following products and
versions:
* Citrix Presentation Server 4.5 for Windows Server 2003
* Citrix Presentation Server 4.5 for Windows Server 2003 x64
Editions
* Citrix Presentation Server 4.0 for Windows 2000 Server (only
affected by vulnerability #1)
* Citrix Presentation Server 4.0 for Windows Server 2003
* Citrix Access Essentials 2.0
* Citrix Access Essentials 1.5
* Citrix Access Essentials 1.0
* Citrix Desktop Server 1.0 for Windows Server 2003
* Citrix Desktop Server 1.0 for Windows Server 2003 x64 Editions
(only affected by vulnerability #1)

SOLUTION:
Apply hotfixes (see vendor advisories for details).
http://support.citrix.com/article/CTX116941
http://support.citrix.com/article/CTX114893

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
CTX114893:
http://support.citrix.com/article/CTX114893

CTX116941:
http://support.citrix.com/article/CTX116941

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------