Reported October 16, 2001, by Internet Security Systems.
Citrix MetaFrame XP for Windows 2000
Citrix MetaFrame XP SP1 for Windows 2000
Citrix MetaFrame 1.8 for Windows NT
Citrix MetaFrame 1.8 SP3 for Windows NT
A vulnerability exists in the Citrix MetaFrame server application that lets an attacker crash the server, resulting in a Denial of Service (DoS). Improper handling of multiple sessions on the Citrix server causes this DoS condition. By spoofing the protocol that runs between the MetaFrame client and server, an attacker can start multiple fake sessions with the affected server. These sessions typically pass filename and other information from client to server before the system has set up encrypted channels. The server lets an attacker start a maximum of approximately 52 sessions. After these sessions time out, any new sessions that start can cause the server to crash with a blue screen.
Discovered by Justine Bone, Glyn Geoghegan, and Paul Davies of Internet Security Systems.