Subscriptions | RSS Feeds | Discussions | Polls | Site Map




All Threats

Viruses

Hackers

Spam
Whole site    Viruses
  
About Hackers
Analysis
News
Glossary
Weblog


Software Vulnerabilities
Hacker Attack Detection
Hacker Mentality
Timeline of Incidents
Major Personalities
Hackers and Law

 
Virus Encyclopedia
Virus Encyclopedia

Learn about worms, viruses, Trojans and more in our Virus Encyclopedia.
About Spam
About Spam

Read about spam and spammers in our About Spam section.

 		 

  Home / Hackers / About Hackers / Software Vulnerabilities / Examples and Descriptions / SA13246

Citrix MetaFrame Presentation Server Client Debugging Security Issue

Secunia ID

SA13246
Release Date

22 Nov 2004
Last Change

26 Apr 2005
Criticality

Not Critical
Solution Status

Vendor Patch
Software

Citrix ICA Clients 6.x
Citrix ICA Clients 7.x
Citrix Program Neighborhood Agent 8.x
Citrix Program Neighborhood Client 8.x
Citrix Web Client 8.x
Where

Local system
Impact
Exposure of sensitive information

Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.
Description

A security issue has been reported in Citrix MetaFrame Presentation Server Client, which can be exploited by malicious users to gain knowledge of sensitive information.

The problem is that the client includes a debugging feature (disabled by default), which can be used to create a log file of the keyboard scan codes sent during an ICA connection. This can be exploited to gain knowledge of sensitive information (e.g. another user's credentials) by tricking that user into using a client with the debugging feature enabled.

The security issue affects version 8.0 and prior of the following Windows clients:
* ICA Win32 Web Client
* ICA Win32 Program Neighborhood Client
* ICA Win32 Program Neighborhood Agent
Solution

Version 8.1 does not include this functionality.
http://www.citrix.com/site/SS/downloads/details.asp?dID=2755&downloadID=13336&pID=186
Reported by

The vendor credits the following people:
* Andre van der Lingen, Interpay Netherlands.
* Robert-Jan Mora, Hoffmann Investigations.
Original Advisory

Citrix:
http://support.citrix.com/kb/entry.jspa?entryID=5536&categoryID=149

Hoffmann:
http://www.hoffmannbv.nl/forensisch/nieuws/citrixkeyboardlogger.html



 

Copyright © 1996 - 2010
Kaspersky Lab
Industry-leading Antivirus Software
All rights reserved
 

Email: webmaster@viruslist.com