Citrix EdgeSight Launcher Service Code Execution Vulnerability

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix EdgeSight.

Credit:

The information has been provided by AbdulAziz Hariri.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-226/


Details

Vulnerable Systems:
 * Citrix EdgeSight

Authentication is not required to exploit this vulnerability.

The flaw exists within the LauncherService.exe component, which listens by default on TCP port 18747. When handling a request, the process trusts a user-supplied field in the packet that specifies the length of the data to follow. It then copies the user-supplied data, without validation, into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
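The bug class described above, shown from the fix side as an added example (not code from the advisory or from Citrix): a length-prefixed request parser that checks the sender-controlled length against both the destination buffer and the bytes actually received before copying. The 4-byte big-endian header, the 256-byte buffer and all names are assumptions; the advisory does not document the real packet format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wire format (assumed, not from the advisory):
 * 4-byte big-endian payload length, then the payload. */
#define HDR_LEN  4u
#define BUF_SIZE 256u   /* assumed size of the fixed heap buffer */

enum parse_status { PARSE_OK, PARSE_SHORT_HEADER, PARSE_TOO_LARGE, PARSE_TRUNCATED, PARSE_NOMEM };

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Copies one request's payload into a BUF_SIZE heap buffer.
 * On PARSE_OK the caller owns *out and must free() it. */
enum parse_status parse_request(const uint8_t *pkt, size_t pkt_len, uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (pkt_len < HDR_LEN)
        return PARSE_SHORT_HEADER;            /* cannot even read the length field */
    uint32_t claimed = read_be32(pkt);        /* sender-controlled value */
    /* The flawed pattern copies `claimed` bytes at this point with no checks. */
    if (claimed > BUF_SIZE)
        return PARSE_TOO_LARGE;               /* would overrun the destination */
    if (claimed > pkt_len - HDR_LEN)
        return PARSE_TRUNCATED;               /* would read past the received data */
    uint8_t *buf = malloc(BUF_SIZE);
    if (buf == NULL)
        return PARSE_NOMEM;
    memcpy(buf, pkt + HDR_LEN, claimed);      /* safe: bounded on both sides */
    *out = buf;
    *out_len = claimed;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample: header claims 257 bytes, one more than BUF_SIZE. */
    const uint8_t oversized[] = { 0x00, 0x00, 0x01, 0x01, 'x' };
    uint8_t *out;
    size_t n;
    printf("status=%d\n", parse_request(oversized, sizeof oversized, &out, &n));
    return 0;
}
```

Both checks matter: the first protects the heap buffer, the second stops an out-of-bounds read when the header claims more data than the packet carries.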

Patch Availability:
Citrix has issued an update to correct this vulnerability. More details can be found at:
http://support.citrix.com/article/CTX129699

Disclosure Timeline:
2011-01-21 – Vulnerability reported to vendor
2011-06-27 – Coordinated public release of advisory
