CVE-2006-3779 — Out-of-bounds Read in Citrix Metaframe

CWE-125 — Out-of-bounds Read5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.9%

top 23.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Metaframe Citrix Metaframe Presentation Server Citrix Presentation Server +7 more

Timeline

PublishedJul 24

Latest updateMay 1

Description

Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages10 packages

▶NVDcitrix/metaframe_presentation_server3.0

▶NVDcitrix/metaframe1.8

▶citrixcitrix/xenserver

▶NVDcitrix/presentation_server4.0

▶citrixcitrix/citrix_adm

Patches

Patch: secunia.com ↗Patch: support.citrix.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-8626-56wx-533h: Citrix MetaFrame up to XP 1↗2022-05-01

▶

📋Vendor Advisories

Red Hat

openssl: Malformed X.509 IPAdressFamily could cause OOB read↗2017-08-28

▶

Citrix

CVE-2006-3779: Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote↗2006-07-24

▶

Citrix

Citrix Security Bulletin CTX110492↗

▶