Privilege Escalation Vulnerability in Citrix Deterministic Network Enhancer (dne2000.sys)

Severity: Low

Description of Problem

A vulnerability has been identified in the Citrix Deterministic Network Enhancer (DNE) which, when exploited, could result in an escalation of privileges for a local attacker.

This vulnerability is present in all versions of the DNE up to and including 3.21.8.

What Customers Should Do

This vulnerability has been addressed in DNE driver version 3.21.9 and later. A DNE Update has been released to address this issue and the latest DNE Software Development Kit (SDK) has been updated.

Citrix recommends that customers upgrade their DNE driver to version 3.21.9 or later by performing a DNE Update or utilizing the SDK to effect remediation. Affected users can find the download information at the following address:

http://www.deterministicnetworks.com/support/dnesupport.asp    

Acknowledgements

Citrix would like to thank mu-b of Digit-Labs for working with us to protect Citrix customers.

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/securitybulletins/.

Obtaining Support on this Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Information for contacting Citrix Technical Support is available at http://www.citrix.com/English/ss/supportContacts.asp.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. If you would like to report a security issue to Citrix, please compose an e-mail to secure@citrix.com containing the exact version of the product in which the vulnerability was found and the steps needed to reproduce the vulnerability.