CVE-2006-5821
Citrix MetaFrame IMA Management Module Remote Heap Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.
Desbordamiento del búfer basado en montón en la función IMA_SECURE_DecryptData1 en la ImaSystem.dll para el Citrix MetaFrame XP 1.0 y 2.0, y Presentation Server 3.0 y 4.0, permite a atacantes remotos ejecutar código de su elección mediante una petición en el Independent Management Architecture (IMA) al servicio (ImaSrv.exe) con tamaños de valores no válidos que disparen el desbordamiento durante la desencriptación.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix MetaFrame Presentation Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the routine IMA_SECURE_DecryptData1() defined in ImaSystem.dll and is reachable through the Independant Management Architecture (IMA) service (ImaSrv.exe) that listens on TCP port 2512 or 2513. The encryption scheme used is reversible and relies on several 32-bit fields indicating the size of the packet and the offsets to the authentication strings. During the decryption of authentication data an attacker can specify invalid sizes that result in an exploitable heap corruption.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-11-08 CVE Reserved
- 2006-11-09 CVE Published
- 2023-08-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/22802 | Third Party Advisory | |
| http://securitytracker.com/id?1017205 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/451337/100/100/threaded | Mailing List | |
| http://www.securityfocus.com/bid/20986 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2006/4429 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-06-038.html | X_refsource_misc |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30148 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.citrix.com/article/CTX111186 | 2018-10-17 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Citrix Search vendor "Citrix" | Metaframe Search vendor "Citrix" for product "Metaframe" | 1.0 Search vendor "Citrix" for product "Metaframe" and version "1.0" | windows_2000 |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Metaframe Search vendor "Citrix" for product "Metaframe" | 3.0 Search vendor "Citrix" for product "Metaframe" and version "3.0" | microsoft_windows_2000 |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Metaframe Presentation Server Search vendor "Citrix" for product "Metaframe Presentation Server" | 4.0 Search vendor "Citrix" for product "Metaframe Presentation Server" and version "4.0" | 64-bit |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Metaframe Presentation Server Search vendor "Citrix" for product "Metaframe Presentation Server" | 4.0 Search vendor "Citrix" for product "Metaframe Presentation Server" and version "4.0" | microsoft_windows_2000 |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Metaframe Presentation Server Search vendor "Citrix" for product "Metaframe Presentation Server" | 4.0 Search vendor "Citrix" for product "Metaframe Presentation Server" and version "4.0" | microsoft_windows_2003 |
Affected
| ||||||