
MetaFrame installer adds a registry key with an insecure access control list

Document ID: CTX110492   /   Created On: Jul 14, 2006   /   Updated On: Sep 26, 2006

Severity: Medium

Description of Problem

The installers for some versions of MetaFrame add a registry key with an insecure access control list. On vulnerable servers this registry key could potentially be used to elevate the privileges of authenticated users.

This vulnerability is present in versions of MetaFrame up to and including MetaFrame XP 1.0 Feature Release 1. Installations of later versions of MetaFrame and Presentation Server could also be affected if they have at some point been upgraded from a vulnerable version.

Servers running on Windows Server 2003 are not affected, because none of the versions supported on this platform add the insecure access control list.

Mitigating Factors

This vulnerability cannot be exploited by anonymous users. To exploit it, an attacker would need to be able to log on locally to the server or to make remote registry key changes.
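To check whether a registry key grants write access to ordinary authenticated users, an administrator can audit its access control list. The following PowerShell is an added example, not Citrix code: the bulletin does not name the affected key, so the path in the usage comment is a placeholder, and the lists of broad groups and write rights are assumptions about what counts as insecure here.

```powershell
# Added example: report Allow ACEs that give broad groups write access to a key.
# Well-known SIDs for groups that contain ordinary logged-on users (assumed list).
$BroadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4',       # INTERACTIVE
    'S-1-5-13'       # Terminal Server Users
)

# Rights that let a principal change the key's contents or its security descriptor.
$Named = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry generic bits instead: GENERIC_ALL, GENERIC_WRITE.
$WriteMask = [int]$Named -bor 0x10000000 -bor 0x40000000

function Get-WeakRegistryAce {
    param([Parameter(Mandatory)][string]$Path)

    # Audit the key itself and every subkey beneath it.
    $keys = @($Path) + @(Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue |
                         ForEach-Object { $_.PSPath })
    foreach ($key in $keys) {
        $acl = Get-Acl -Path $key -ErrorAction Stop
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # account name no longer resolves; skip it
            $granted = [int]$ace.RegistryRights -band $WriteMask
            if (($BroadSids -contains $sid) -and ($granted -ne 0)) {
                [pscustomobject]@{
                    Key       = $key
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.RegistryRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Usage (placeholder path; substitute the key identified in the hotfix documentation):
# Get-WeakRegistryAce -Path 'HKLM:\SOFTWARE\<affected-key>' | Format-Table -AutoSize
```

No output means no broad group holds a write-capable Allow entry on the key or its subkeys; run it from an elevated session so that all subkeys are readable.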

What Customers Should Do

Citrix recommends that affected customers install the released hotfix to address this issue. The hotfix can be downloaded from the following locations:

http://support.citrix.com/hotfixes.jsp

MetaFrame XP 1.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX110404

DE - http://support.citrix.com/article/CTX110511

FR - http://support.citrix.com/article/CTX110512

ES - http://support.citrix.com/article/CTX110513

JA - http://support.citrix.com/article/CTX110514

MetaFrame Presentation Server 3.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX110403

DE - http://support.citrix.com/article/CTX110482

FR - http://support.citrix.com/article/CTX110483

ES - http://support.citrix.com/article/CTX110484

JA - http://support.citrix.com/article/CTX110485

Citrix Presentation Server 4.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX110413

DE - http://support.citrix.com/article/CTX110507

FR - http://support.citrix.com/article/CTX110508

ES - http://support.citrix.com/article/CTX110509

JA - http://support.citrix.com/article/CTX110510

Acknowledgements

Citrix thanks Andres Tarasco of SIA Group for reporting this issue and working with us to protect our customers.

What Citrix Is Doing

Citrix is proactively notifying customers and channel partners about this potential security issue. An article containing the information in this bulletin is available from the Citrix Knowledge Base at http://support.citrix.com/.

Obtaining Support on this Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Information for contacting Citrix Technical Support is available at http://support.citrix.com/.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities very seriously. If you would like to report a security issue to Citrix, please compose an e-mail to secure@citrix.com containing the exact version of the product in which the vulnerability was found and steps to reproduce the vulnerability.

