Saturday, October 19, 2019
Citrix

Authentication Bypass Vulnerability in Citrix ADC and Citrix Gateway Management Interface

CTX261055 (New)
Applicable Products: Citrix ADC, Citrix Gateway, NetScaler Gateway
A vulnerability has been identified in the management interface of Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, that, if exploited, could allow...
Citrix

CVE-2019-TBD – Citrix Application Delivery Management (ADM) Console Security Update

CTX261735 (New)
Applicable Products: Citrix Application Delivery Management
An authorisation bypass vulnerability was discovered in the Citrix Application Delivery Management (ADM) server. The vulnerability allows a Citrix ADM user with read-only privilege to access managed instances with admin level permissions....
Citrix

Multiple Vulnerabilities in Citrix License Server for Windows and VPX

CTX261963 (New)
Applicable Products: Licensing
Multiple Denial-of-Service vulnerabilities have been identified in Citrix License Server for Windows and VPX that, when exploited, could result in an attacker being able to force the vendor service to shut down. These vulnerabilities have been assigned...
Citrix

Citrix SD-WAN Security Update

CTX256918 (New)
Applicable Products: Citrix SD-WAN
Multiple denial of service vulnerabilities have been identified in the Citrix SD-WAN Appliance and Citrix SD-WAN Center Management Console. These vulnerabilities could permit a remote attacker to cause a denial of service by causing a...
Citrix

CVE-2019-13609 – CRLF Vulnerability in Citrix License Server for Windows and VPX

CTX257644 (Updated)
Applicable Products: Licensing
A Carriage Return Line Feed (CRLF) injection vulnerability has been identified in Citrix License Server for Windows and VPX that could allow an unauthenticated attacker to bypass authentication and allow a malicious website to read or...
Citrix

CVE-2008-1447 – Vulnerability in NetScaler and Access Gateway Enterprise Edition could result in DNS Cache Poisoning

CTX117991 (Updated)
Applicable Products: Access Gateway 8.0 Enterprise Edition, Access Gateway 8.1 Enterprise Edition, NetScaler 8.0, NetScaler 8.1
Description of Problem
A vulnerability has been identified in the Citrix NetScaler and Access Gateway Enterprise Edition appliances that could result in Domain Name System (DNS) cache...
Citrix

CVE-2007-5497 – Vulnerability in XenServer could result in privilege escalation and arbitrary code execution

CTX118766 (Updated)
Applicable Products: XenServer 4.0, XenServer 4.1
Description of Problem
A vulnerability has been identified in Citrix XenServer that could result in attackers escaping a guest domain and potentially executing arbitrary code in the control domain. This vulnerability has been assigne
Citrix

CVE-2008-1447 – Vulnerability in Access Gateway Standard and Advanced Edition Appliance firmware could result in DNS Cache Poisoning

CTX118183 (Updated)
Applicable Products: Access Gateway 4.5 Advanced Edition, Access Gateway 4.5 Standard Edition
Description of Problem
A vulnerability has been identified in the Access Gateway Standard and Advanced Edition appliance firmware that could affect the functionality of Domain Name System (DNS) forwarding...
Citrix

CVE-2008-4609 – Vulnerability in Citrix NetScaler and Citrix Access Gateway Enterprise Edition Could Result in Denial of Service

CTX123649 (Updated)
Applicable Products: Access Gateway 7.0 Enterprise Edition, Access Gateway 8.0 Enterprise Edition, Access Gateway 8.1 Enterprise Edition, Access Gateway 9.0 Enterprise Edition, Access Gateway 9.1 Enterprise Edition, NetScaler 8.0, NetScaler 8.1, NetScaler 9.0, NetScaler 9.1, NetScaler VPX 9.1
Description of Problem
A vulnerability has been identified in the NetScaler...
Citrix

CVE-2009-2631 – Vulnerability in Clientless SSL VPN Products Could Result in Policy Bypass

CTX123610 (Updated)
Applicable Products: Access Gateway 4.5 Advanced Edition, Access Gateway 8.1 Enterprise Edition, Access Gateway 9.0 Enterprise Edition, Access Gateway 9.1 Enterprise Edition, NetScaler VPX 9.1
Description of Problem
A vulnerability has been disclosed by CERT that affects SSL VPN products, including the Clientless VPN...
Citrix

CVE-2009-1389 – Vulnerability in XenServer 5.0 and 5.5 Could Result in Arbitrary Code Execution

CTX123453 (Updated)
Applicable Products: XenServer 5.5
Description of Problem
The RealTek 8169 Linux network adaptor driver used in XenServer fails to correctly handle long packets. This could result in denial of service (hard crash of the host) or remote execution of code. This...
Citrix

CVE-2009-3555 – Transport Layer Security Renegotiation Vulnerability

CTX123359 (Updated)
Applicable Products: Access Gateway 4.5 Advanced Edition, Access Gateway 4.5 Standard Edition, Access Gateway 4.6 Standard Edition, Access Gateway 8.0 Enterprise Edition, Access Gateway 8.1 Enterprise Edition, Access Gateway 9.0 Enterprise Edition, Access Gateway 9.1 Enterprise Edition, Application Firewall Software 5.5, Application Firewall Software 8.0, Application Firewall...
Citrix

CVE-2009-3555 – Vulnerability in Citrix Online Plug-ins and ICA Clients Could Result in SSL/TLS Certificate Spoofing

CTX123248 (Updated)
Applicable Products: Java Client, Macintosh Client, UNIX Client, XenApp Plug-in for Windows (32 64 Bit)
Description of Problem
A vulnerability has been identified in the Citrix Online Plug-ins and ICA Clients for XenApp and XenDesktop that could allow an attacker to impersonate an...
Citrix

CVE-2012-4603 – Vulnerability in Citrix Receiver with Online Plug-in for Windows could result in arbitrary code execution

CTX134681 (Updated)
Applicable Products: Receiver for Windows, XenApp Plug-in for Windows (32 64 Bit)
Description of Problem
A vulnerability has been identified in the Citrix Receiver with Online Plug-in for Windows that could potentially allow an attacker to execute arbitrary code on the...
Citrix

CVE-2012-6314 – Weakness in Citrix XenDesktop could result in inconsistent propagation of USB redirection policy changes

CTX135813 (Updated)
Applicable Products: XenDesktop 5, XenDesktop 5.5, XenDesktop 5.6, XenDesktop 5.6 Common Criteria
Description of Problem
The USB redirection feature of Citrix XenDesktop allows a user to redirect USB devices on the client to their XenDesktop Virtual Desktop Agent (VDA). A weakness has been identified...
The Register

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app

Vatican coders exorcise API gremlins but, we must confess, they missed little monster....
Exclusive
The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers' personal information.…
SC Magazine

Trojanized Russian-language Tor browser lets attackers steal from users’ e-wallets

Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions. The developers behind the malicious browser have so far stolen at least $40,000 in...
SC Magazine

UC Browser potentially endangers 500 million users

The popular Android browser UC Browser was found to break several Google mobile app rules possibly placing up to 500 million of its users at risk. UC Browser, which is available from the Google Play store, was found by Zscaler ThreatLabZ...
ZDNet

US stopped using floppy disks to manage nuclear weapons arsenal

US Air Force switches to secure solid-state-based solution to replace antiquated floppy disks in SACCS nuclear weapons management system.
Bruce Schneier

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

It's likely the diamondback squid. There's a video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.