Update Protection against Citrix Provisioning Services streamprocess.exe Stack Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2011-250 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA42954 | |
| Protection Provided by: |
Security Gateway
|
|
|
Who is Vulnerable? Citrix Systems Provisioning Services 5.6 and prior |
||
| Vulnerability Description A stack buffer overflow vulnerability has been reported in Citrix Provisioning Service. Citrix Provisioning Service allows computers to obtain application from the network in real-time. Administrators can prepare a master device for imaging purposes by creating a vDisk image that would be stored on a Provisioning Server. Then, this vDisk would be used by devices to boot directly from the network. A remote attacker may exploit this vulnerability to execute code on an affected system. |
||
|
Update/Patch Available The vendor, Critix, has released an advisory addressing this vulnerability. |
|
|
Vulnerability Details The vulnerability is due to a boundary error when handling a specially crafted packet to the Provisioning Services server. A remote attacker could exploit this issue by sending a malicious packets to the target service. Successful exploitation of this vulnerability may allow remote attackers to execute arbitrary code on the target machine within the security context of the service, and may cause the vulnerable server to terminate abnormally. |
Protection Overview
This protection will detect and block specially crafted packets sent to the Provisioning Services server.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection taband select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.