Citrix Provisioning Services OpCode 40020010 Stack Overflow

Added: 07/08/2011
BID: 45914
OSVDB: 70597

Background

Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk.

Problem

Citrix Provisioning Services 5.6 and prior versions are vulnerable to a remotely exploitable stack-based buffer overflow. A remote attacker may exploit this vulnerability to gain access to the server.

Resolution

Apply Service Pack 1 for Citrix Provisioning Services version 5.6.

References

http://support.citrix.com/article/CTX127149
http://www.zerodayinitiative.com/advisories/ZDI-11-023/
http://secunia.com/advisories/42954/

Limitations

This exploit has been tested against Citrix Systems Provisioning Services 5.6 on Windows Server 2003 SP2 English (DEP OptOut).

Platforms

Windows
