Citrix Access Gateway Plug-in for Windows ActiveX Control Multiple Vulnerabilities (CTX129902)

high Nessus Plugin ID 55653

Language:

Synopsis

The remote Windows host has an ActiveX control that is affected by multiple vulnerabilities.

Description

The Citrix Access Gateway ActiveX control for Citrix Access Gateway Enterprise Edition is installed on the remote Windows host. It is the ActiveX component of the Citrix Access Gateway Plug-in for Windows and provides an SSL-based VPN via a web browser.

The installed version of this control is affected by the following vulnerabilities that could lead to arbitrary code execution :

- The control loads a dynamic link library (DLL) when processing HTTP header data from the Access Gateway server without properly ensuring that the DLL has a valid signature. (ZDI 928)

- The control copies HTTP header data from the Access Gateway server into a fixed-size stack buffer without verifying the size of the data, which could result in a buffer overflow. (ZDI 929)

Solution

Either set the kill bit for the control or upgrade to Citrix Access Gateway Enterprise Edition 8.1-67.7 / 9.0-70.5 / 9.1-96.4 or later.

Plugin Details

Severity: High

ID: 55653

File Name: citrix_access_gateway_activex_ctx129902.nasl

Version: 1.13

Type: local

Agent: windows

Family: Windows

Published: 7/22/2011

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:citrix:access_gateway

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/13/2011

Vulnerability Publication Date: 7/14/2011

Exploitable With

Core Impact

Metasploit (Citrix Gateway ActiveX Control Stack Based Buffer Overflow Vulnerability)

Reference Information

CVE: CVE-2011-2882, CVE-2011-2883

BID: 48676

Detections

Analytics