Flaw found in Citrix server client

By Tom Espiner
Special to CNET News.com

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: Citrix acquires Reflectent
May 8, 2006; Citrix buys NetScaler for $300 million
June 2, 2005

A flaw has been found in Citrix's Presentation Server Client, an application that allows remote users to access corporate servers from outside the office.

Versions older than 10.0 could be vulnerable to a buffer overflow which would enable an attacker to compromise a user's machine, according to researcher Karl Lynn of Juniper Networks, who discovered the flaw. Security advisory organization Secunia has rated the vulnerability as highly critical.

The vulnerability is caused by an error in the support for ICA (Independent Computing Architecture) connections through a proxy server. This may be exploited to execute arbitrary code when a user visits a malicious Web site, Citrix warned in an advisory last week.

ICA, designed by Citrix, is a proprietary protocol for application server systems. The protocol gives specifications for passing data between servers and clients, regardless of platform.

The vulnerability currently has no patch. Citrix recommends users protect themselves by upgrading to version 10.0 of Citrix Presentation Server Client.

Tom Espiner of ZDNet UK reported from London.

See more CNET content tagged:
Citrix Systems Inc., Citrix Server, ICA Corp., application server, flaw

Latest tech news headlines

Facebook announces 25 developer grant finalists
Posted in The Social by Caroline McCarthy

October 15, 2008 11:30 AM PDT
Who loves an economic crisis? Yahoo Finance
Posted in News - Digital Media by Stephen Shankland

October 15, 2008 11:14 AM PDT
Windows 7 equals some strange math
Posted in Beyond Binary by Ina Fried

October 15, 2008 10:54 AM PDT
See all headlines

Resource center from CNET News sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Forrester Research lowers IT spending predictions
Market research company now warns IT spending growth in the U.S. could come in at 2 to 3 percent growth for 2009--and may even decline.
Gallery
Photos: 'Popular Mechanics' breakthroughs
The Open Road
Open source for president? Get real
We're voting for a president, not a software preference.
Beyond Binary
Windows 7 equals some strange math
Although Windows 7 was also the product's code name, the forthcoming version of Windows is not Microsoft's seventh iteration, and it won't carry the version number 7.0.
Video
Apple laptop redesigns and a lower price
News - Digital Media
Who loves an economic crisis? Yahoo Finance
Sites with financial news and data saw record numbers of visitors in September, according to ComScore. Just wait for the October tally.
Video
Apple's latest MacBook Pro
The Social
Facebook announces 25 developer grant finalists
They now have a chance to apply for $225,000 in grant money in the FBfund developer competition's final round--but only if they successfully build the apps first.
News - Cutting Edge
'60 Minutes' video: Drone warfare in Iraq
UAVs like the Predator are a highly valued asset for the U.S. military as it pursues "fleeting and perishable" targets. Lesley Stahl reports.
Gallery
Photos: MacBooks go metallic, with Nvidia inside
Crave
Microsoft offers Memory Upgrade Program for new Xbox Live Experience
Microsoft is offering a memory upgrade program for those 360 owners who do not have the room to install the new Xbox Live.
Green Tech
Home energy monitors getting wise to solar
SolarCity updates its solar panel monitoring software to include home electricity usage, while Open Energy is creating a touch-screen device to track energy usage and production.