Vulnerability in NetScaler and Access Gateway Enterprise Edition could result in DNS Cache Poisoning
Severity: High
Description of Problem
A vulnerability has been identified in the Citrix NetScaler and Access Gateway Enterprise Edition appliances that could result in Domain Name System (DNS) cache poisoning. The background and details for this vulnerability are described in U.S. Computer Emergency Readiness Team (CERT) Vulnerability Note VU#800113, which can be read at the following location:
http://www.kb.cert.org/vuls/id/800113
Citrix has verified that the NetScaler and Access Gateway Enterprise Edition product lines are vulnerable to this issue in the following configurations:
• When recursive DNS caching is configured on the appliance
-Or-
• When using the appliance as a Network Address Translation (NAT) device in front of caching DNS servers
This CERT-reported vulnerability has been assigned the following Common Vulnerabilities and Exposures (CVE) number:
• CVE-2008-1447
This vulnerability is present in all versions of NetScaler and Access Gateway Enterprise Edition up to and including version 8.1 build 57.3.
Mitigating Factors
The vulnerability is not exploitable if:
• DNS recursive caching is not enabled on the NetScaler or Access Gateway Enterprise Edition
• The NetScaler or Access Gateway Enterprise Edition is not configured with NAT and installed in front of DNS servers
• The NetScaler deployment is in the ADNS mode, serving DNS responses only from statically configured entries, such as in a Global Server Load Balancing (GSLB) configuration
What Customers Should Do
New firmware has been released to address this issue. Citrix strongly recommends that all customers with products affected by this issue install the new firmware, available from the following locations:
NetScaler 8.0 (build 57.3)
https://www.citrix.com/English/ss/downloads/results.asp?productID=21679
NetScaler 8.1 (build 58.5)
https://www.citrix.com/English/ss/downloads/results.asp?productID=21679
Access Gateway Enterprise Edition 8.0 (build 57.3)
https://www.citrix.com/English/ss/downloads/results.asp?productID=15005
Access Gateway Enterprise Edition 8.1 (build 58.5)
https://www.citrix.com/English/ss/downloads/results.asp?productID=15005
Customers with versions of the NetScaler and Access Gateway Enterprise Edition earlier than version 8.0 are advised to contact their customer service representative for further information.
Acknowledgements
Citrix thanks Dan Kaminsky of IOActive and Paul Vixie of Internet Systems Consortium, Inc. (ISC) for working with us to protect Citrix customers.
What Citrix Is Doing
Citrix is proactively notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.
Obtaining Support on this Issue
If you require technical assistance with this issue, please contact Citrix Technical Support. Information for contacting Citrix Technical Support is available at http://www.citrix.com/English/ss/supportContacts.asp.
Reporting Security Vulnerabilities to Citrix
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities very seriously. If you would like to report a security issue to Citrix, please compose an e-mail to secure@citrix.com containing the exact version of the product in which the vulnerability was found and the steps needed to reproduce the vulnerability.
