Reported October 16, 2001, by Internet Security Systems.
VERSIONS AFFECTED
-
Citrix MetaFrame XP for Windows 2000
-
Citrix MetaFrame XP SP1 for Windows 2000
-
Citrix MetaFrame 1.8 for Windows NT
-
Citrix MetaFrame 1.8 SP3 for Windows NT
DESCRIPTION
A
vulnerability exists in the Citrix MetaFrame server application that lets an
attacker crash the server, resulting in a Denial of Service (DoS). An improper
handling of multiple sessions on the Citrix server
causes this DoS condition. By spoofing the protocol that
runs between the MetaFrame client and server, an attacker can start multiple
fake sessions with the affected server. These sessions typically pass filename
and other information from client to server before the system has set up
encrypted channels. The server lets an attacker start a maximum of approximately
52 sessions. After these sessions time out, any new sessions that start can
cause the server to crash with a blue screen.
VENDOR RESPONSE
The vendor, Citrix, recommends that users install the appropriate hotfixes that the vendor will make available soon.
CREDIT
Discovered by Justine Bone, Glyn Geoghegan, and Paul Davies of Internet
Security Systems.