Severity: Low
Description of Problem
A vulnerability has been identified in Citrix Presentation Server for Windows that could result in an authenticated interactive user escalating their privilege level.
To exploit this vulnerability, a user would need sufficient access rights to create a file in a specific location on the server’s system drive. On Windows Server 2003-based systems, default file system access control settings would prevent unprivileged users from doing this.
Affected Products
This vulnerability affects the following products:
• Citrix XenApp (formerly Presentation Server) 4.5, including Feature Pack 1
• Citrix Presentation Server 4.0
• Citrix Access Essentials 2.0
• Citrix Access Essentials 1.5
• Citrix Access Essentials 1.0
Customers with older, unsupported versions of Presentation Server should contact their Citrix Technical Support representative for further guidance.
What Customers Should Do
This vulnerability has been addressed in existing Hotfix Rollup Packs. Customers who have not yet installed the latest Hotfix Rollup Packs in their environment should review the following list and consider applying the relevant updates:
Citrix Presentation Server 4.5 for Windows Server 2003 x64:
EN - http://support.citrix.com/article/CTX116294
FR - http://support.citrix.com/article/CTX116295
DE - http://support.citrix.com/article/CTX116296
JA - http://support.citrix.com/article/CTX116298
ES - http://support.citrix.com/article/CTX116299
Citrix Presentation Server 4.5 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX116289
FR - http://support.citrix.com/article/CTX116290
DE - http://support.citrix.com/article/CTX116291
JA - http://support.citrix.com/article/CTX116292
ES - http://support.citrix.com/article/CTX116293
Citrix Presentation Server 4.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX116259
FR - http://support.citrix.com/article/CTX116260
DE - http://support.citrix.com/article/CTX116261
JA - http://support.citrix.com/article/CTX116263
ES - http://support.citrix.com/article/CTX116262
Citrix Presentation Server 4.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX116264
FR - http://support.citrix.com/article/CTX116265
DE - http://support.citrix.com/article/CTX116266
JA - http://support.citrix.com/article/CTX116268
ES - http://support.citrix.com/article/CTX116267
Citrix Access Essentials 2.0:
EN - http://support.citrix.com/article/CTX116289
FR - http://support.citrix.com/article/CTX116290
DE - http://support.citrix.com/article/CTX116291
JA - http://support.citrix.com/article/CTX116292
ES - http://support.citrix.com/article/CTX116293
Citrix Access Essentials 1.5:
EN - http://support.citrix.com/article/CTX116264
FR - http://support.citrix.com/article/CTX116265
DE - http://support.citrix.com/article/CTX116266
JA - http://support.citrix.com/article/CTX116268
ES - http://support.citrix.com/article/CTX116267
Citrix Access Essentials 1.0:
EN - http://support.citrix.com/article/CTX116264
FR - http://support.citrix.com/article/CTX116265
DE - http://support.citrix.com/article/CTX116266
JA - http://support.citrix.com/article/CTX116268
ES - http://support.citrix.com/article/CTX116267
What Citrix Is Doing
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Base at http://support.citrix.com/.
Obtaining Support on this Issue
If you require technical assistance with this issue, please contact Citrix Technical Support. Information for contacting Citrix Technical Support is available at http://www.citrix.com/English/ss/supportContacts.asp.
Reporting Security Vulnerabilities to Citrix
Citrix welcomes input regarding the security of its products and takes any and all potential vulnerabilities seriously. If you would like to report a security issue to Citrix, please send an e-mail to secure@citrix.com containing the exact version of the product in which the vulnerability was found and the steps needed to reproduce the vulnerability.