Citrix Provisioning Services SoapServer Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with Citrix Provisioning Services and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code on the target system. Impact Level: Application/System

Solution

Apply the hotfix for Citrix Provisioning Services, For updates refer to http://support.citrix.com/article/ctx133039

Insight

The SoapServer service improperly calculates a buffer index pointer value for a date and time string, which references a location outside the fixed sized heap buffer resulting in a heap buffer overflow.

Affected

Citrix Provisioning Services version 5.6 and prior, 6.0 and 6.1

References

http://secunia.com/advisories/48971/
http://support.citrix.com/article/ctx133039
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=979

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4068

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Linux)
Audacity Buffer Overflow Vulnerability (Win)
Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities
Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)

Take action and discover your vulnerabilities