The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5 allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.
The vendor has addressed this issue with the following product updates:
MetaFrame Presentation Server 3.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX112818
FR - http://support.citrix.com/article/CTX112821
DE - http://support.citrix.com/article/CTX112819
JA - http://support.citrix.com/article/CTX112820
ES - http://support.citrix.com/article/CTX112822
MetaFrame Presentation Server 3.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX112813
FR - http://support.citrix.com/article/CTX112816
DE - http://support.citrix.com/article/CTX112814
JA - http://support.citrix.com/article/CTX112815
ES - http://support.citrix.com/article/CTX112817
Citrix Presentation Server 4.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX112844
FR - http://support.citrix.com/article/CTX112847
DE - http://support.citrix.com/article/CTX112845
JA - http://support.citrix.com/article/CTX112848
ES - http://support.citrix.com/article/CTX112846
Citrix Presentation Server 4.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX112839
FR - http://support.citrix.com/article/CTX112842
DE - http://support.citrix.com/article/CTX112840
JA - http://support.citrix.com/article/CTX112843
ES - http://support.citrix.com/article/CTX112841
Citrix Presentation Server 4.0 for Windows Server 2003 x64 Editions:
EN - http://support.citrix.com/article/CTX112886
FR - http://support.citrix.com/article/CTX112887
DE - http://support.citrix.com/article/CTX112888
JA - http://support.citrix.com/article/CTX112890
ES - http://support.citrix.com/article/CTX112889
Citrix Access Essentials 1.0:
EN - http://support.citrix.com/article/CTX112839
FR - http://support.citrix.com/article/CTX112842
DE - http://support.citrix.com/article/CTX112840
ES - http://support.citrix.com/article/CTX112841
Citrix Access Essentials 1.5:
EN - http://support.citrix.com/article/CTX112839
FR - http://support.citrix.com/article/CTX112842
DE - http://support.citrix.com/article/CTX112840
ES - http://support.citrix.com/article/CTX112841
Publication date: Thu, 24 May 2007 23:30:00 +0000