Citrix Provisioning Services Opcode 40020006 Integer Underflow

2012-01-20T00:00:00
ID SAINT:C33DB2A3EB4153E55907514B6D7FA735
Type saint
Reporter SAINT Corporation
Modified 2012-01-20T00:00:00

Description

Added: 01/20/2012
BID: 49803

Background

Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk.

Problem

Citrix Provisioning Services 5.6 SP1 and prior are vulnerable to a remotely exploitable integer underflow that can lead to a stack overflow. A remote attacker may exploit this vulnerability to execute arbitrary code on the target machine in the context of the server process, which runs as SYSTEM.

Resolution

Apply patches as described in Citrix Knowledge Base Document CTX130846.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-010/>
<http://www.securityfocus.com/archive/1/521193>

Limitations

This exploit has been tested against Citrix Systems Provisioning Services 5.6 SP1 on Windows Server 2003 SP2 English (DEP OptOut).

Platforms

Windows