Vulnerability Description
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Access Essentials | <= 2.0 |
| Citrix | Desktop Server | 1.0 |
| Citrix | Metaframe Presentation Server | <= 4.5 |
| Citrix | Presentation Server | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28508Vendor Advisory
- http://support.citrix.com/article/CTX114487Patch
- http://www.kb.cert.org/vuls/id/412228US Government Resource
- http://www.securityfocus.com/archive/1/486585/100/0/threaded
- http://www.securityfocus.com/bid/27329
- http://www.securitytracker.com/id?1019231
- http://www.vupen.com/english/advisories/2008/0172
- http://zerodayinitiative.com/advisories/ZDI-08-002.html
- http://secunia.com/advisories/28508Vendor Advisory
- http://support.citrix.com/article/CTX114487Patch
- http://www.kb.cert.org/vuls/id/412228US Government Resource
- http://www.securityfocus.com/archive/1/486585/100/0/threaded
- http://www.securityfocus.com/bid/27329
- http://www.securitytracker.com/id?1019231
- http://www.vupen.com/english/advisories/2008/0172
FAQ
What is CVE-2008-0356?
CVE-2008-0356 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop S...
How severe is CVE-2008-0356?
CVE-2008-0356 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0356?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Access Essentials, Citrix Desktop Server, Citrix Metaframe Presentation Server, Citrix Presentation Server.