Citrix MetaFrame Insecure Default Registry Key Permissions
Thursday, 20 July 2006 by Michel Roth
The installers for some versions of MetaFrame add a registry key with an insecure access control list. On vulnerable servers this registry key could potentially be used to elevate the privileges of authenticated users.

This vulnerability is present in versions of MetaFrame up to and including MetaFrame XP 1.0 Feature Release 1. Installations of later versions of MetaFrame and Presentation Server could also be affected if they have at some point been upgraded from a vulnerable version. Any server running on Windows Server 2003 will not be affected by this as none of the versions supported on this platform add the insecure access control list.

This vulnerability cannot be exploited by anonymous users; to be able to exploit this an attacker would need to be able to log on locally to the server, or be able to make remote registry key changes.

Read more in CTX110492 here.

Related Items:

Citrix Presentation Server And MetaFrame Print Provider Buffer Overflow Vulnerability (24 January 2007)
Vulnerability In Citrix Presentations Server Session Reliability (23 May 2007)
Microsoft Security Updates For July 2005 (13 July 2005)
CTX Document: Presentation Server Installs A Vulnerable JRE (14 March 2005)
Security Updates Summary For May 2006 (9 May 2006)
November's Hotfix: Microsoft Security Bulletin MS05-053 (10 November 2005)
Two Vulnerabilities In Presentation Server's IMA Service (9 November 2006)
Citrix MetaFrame Web Client Access Restriction Bypass Vulnerability (11 April 2005)
Arbitrary Code Execution Vulnerability in IMA (16 January 2008)
Wyse Winterm 1125SE IP Option Length Denial of Service (12 August 2005)
Comments (0)add feed
Show/Hide comment formtoggle
password
 

busy