Citrix Provisioning Services SoapServer Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with Citrix Provisioning Services and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code on the target system. Impact Level: Application/System

Solution

Apply the hotfix for Citrix Provisioning Services, For updates refer to http://support.citrix.com/article/ctx133039

Insight

The SoapServer service improperly calculates a buffer index pointer value for a date and time string, which references a location outside the fixed sized heap buffer resulting in a heap buffer overflow.

Affected

Citrix Provisioning Services version 5.6 and prior, 6.0 and 6.1

References

http://secunia.com/advisories/48971/
http://support.citrix.com/article/ctx133039
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=979

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4068
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability
avast! Multiple Vulnerabilities - Oct09 (Win)
Adobe Reader Multiple BOF Vulnerabilities - Jun09 (Linux)
ChaSen Buffer Overflow Vulnerability (Linux)
DesignWorks Professional '.cct' File BOF Vulnerability

Take action and discover your vulnerabilities