CVE-2006-5821 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Metaframe

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

9.4%

top 7.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Metaframe Citrix Metaframe Presentation Server Citrix ADM +6 more

Timeline

PublishedNov 10

Latest updateMay 1

Description

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages9 packages

▶NVDcitrix/metaframe_presentation_server4.0

▶NVDcitrix/metaframe1.0, 3.0+1

▶citrixcitrix/xenserver

▶citrixcitrix/endpoint_management

▶citrixcitrix/citrix_adm

Patches

Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-qqw2-f4rr-7m6p: Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem↗2022-05-01

▶

📋Vendor Advisories

Citrix

Citrix Security Bulletin CTX111186↗

▶