CVE-2016-6276 - Vulnerability in Citrix Linux VDA (formerly known as Linux Virtual Desktop) Could Result in Privilege Escalation
Article ID: CTX216628
Updated On:
Description
Description of Problem
A vulnerability has been identified in the Linux Virtual Delivery Agent (VDA) component of Citrix XenDesktop that could allow a local user to execute commands as root on the Linux VDA.
The vulnerability affects all versions of the Citrix Linux VDA earlier than version 1.4.0.
This vulnerability has been assigned the following CVE number:
- CVE-2016-6276: Vulnerability in Citrix Linux VDA (formerly known as Linux Virtual Desktop) Could Result in Privilege Escalation
What Customers Should Do
This vulnerability has been addressed in version 1.4.0 and later of the Linux VDA. This new version can be obtained from the following location:
https://www.citrix.com/downloads/xenapp-and-xendesktop.html
Citrix strongly recommends that affected customers upgrade to this new version as soon as possible.
Acknowledgements
Citrix thanks Albin Gustavsson of Ericsson (https://www.ericsson.com/) for working with us to protect Citrix customers.
What Citrix Is Doing
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.
Obtaining Support on This Issue
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html.
Reporting Security Vulnerabilities
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix
