Citrix Provisioning Services streamprocess.exe Stack Overflow

Added: 02/24/2011
BID: 45914
OSVDB: 70597

Background

Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk.

Problem

Citrix Provisioning Service 5.6 and prior are vulnerable to a remotely exploitable stack-based buffer overflow. A remote attacker may exploit this vulnerability to gain access to the server.

Resolution

Apply Service Pack 1 for Citrix Provisioning Services version 5.6.

References

http://support.citrix.com/article/CTX127149
http://www.zerodayinitiative.com/advisories/ZDI-11-023/
http://secunia.com/advisories/42954/

Limitations

Exploit works against Citrix Provisioning Service 5.6.

Platforms

Windows

Back to exploit index