CVE-2006-3779
Published 2006-07-24
Priority: P427 · medium · 6.5 (CVSS 2.0)
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 1.29% (66.7th percentile)
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | metaframe | — | — |
| citrix | metaframe_presentation_server | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | presentation_server | — | — |
| citrix | xenserver | — | — |
CVSS provenance
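| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 5.3 | MEDIUM | — |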
Red Hat
openssl: Malformed X.509 IPAddressFamily could cause OOB read
vendor_redhat·2017-08-28·CVSS 5.3
CVE-2017-3735 [MEDIUM] CWE-125
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
Statement: This flaw only exhibits itself when:
1. OpenSSL is used to display details of a local or a remote certificate.
2. The certificate contains the uncommon RFC 3779 IPAddressFamily extension.
The maximum impact of this flaw is garbled information being displayed; there is no impact on the availability of service using such a certificate. Also, this flaw can NOT be used to create specially-crafted certificates. Red Hat Product Security has rated
Citrix
CVE-2006-3779: Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote
vendor_citrix·2006-07-24·CVSS 6.5
CVE-2006-3779 [MEDIUM]
CVE-2006-3779: Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
Citrix
Citrix Security Bulletin CTX110492
vendor_citrix·CVSS 6.5
CVE-2006-3779 [MEDIUM]
CVE References: CVE-2006-3779, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-8626-56wx-533h: Citrix MetaFrame up to XP 1
ghsa_unreviewed·2022-05-01
CVE-2006-3779 [MEDIUM]
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://secunia.com/advisories/21076
http://securitytracker.com/id?1016526
http://support.citrix.com/article/CTX110492
http://www.securityfocus.com/bid/19056
http://www.vupen.com/english/advisories/2006/2862
Published: 2006-07-24