CVE-2006-5821 - OpenCVE

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Metaframe Presentation Server Metaframe

Configuration 1 [-]

OR	cpe:2.3:a:citrix:metaframe:1.0::windows_2000:::::
	cpe:2.3:a:citrix:metaframe:3.0::microsoft_windows_2000:::::
	cpe:2.3:a:citrix:metaframe_presentation_server:4.0::64-bit:::::
	cpe:2.3:a:citrix:metaframe_presentation_server:4.0::microsoft_windows_2000:::::
	cpe:2.3:a:citrix:metaframe_presentation_server:4.0::microsoft_windows_2003:::::

References

Link	Resource
http://secunia.com/advisories/22802
http://securitytracker.com/id?1017205
http://support.citrix.com/article/CTX111186	Patch
http://www.securityfocus.com/archive/1/451337/100/100/threaded
http://www.securityfocus.com/bid/20986
http://www.vupen.com/english/advisories/2006/4429
http://www.zerodayinitiative.com/advisories/ZDI-06-038.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/30148

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-10T23:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-11-08T00:00:00

Link: CVE-2006-5821

JSON object: View

NVD Information

Status : Modified

Published: 2006-11-10T23:07:00.000

Modified: 2018-10-17T21:45:18.137

Link: CVE-2006-5821

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-09T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"}, {"name": "citrix-ima-management-bo(30148)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"}, {"name": "1017205", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017205"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX111186"}, {"name": "20986", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20986"}, {"name": "22802", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22802"}, {"name": "ADV-2006-4429", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4429"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5821", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"}, {"name": "citrix-ima-management-bo(30148)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"}, {"name": "1017205", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017205"}, {"name": "http://support.citrix.com/article/CTX111186", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX111186"}, {"name": "20986", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20986"}, {"name": "22802", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22802"}, {"name": "ADV-2006-4429", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4429"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5821", "datePublished": "2006-11-10T23:00:00", "dateReserved": "2006-11-08T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:metaframe:1.0:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "A77E8839-8E33-45E8-B491-C5733C8AB884", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:metaframe:3.0:*:microsoft_windows_2000:*:*:*:*:*", "matchCriteriaId": "0C88F86F-F07D-4C17-B5D5-EC8F1A69A65A", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:64-bit:*:*:*:*:*", "matchCriteriaId": "E0A76F02-1EB3-4925-B241-91331EAFDDE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:microsoft_windows_2000:*:*:*:*:*", "matchCriteriaId": "9565EB76-11A0-415F-943A-E9870F5F37D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:microsoft_windows_2003:*:*:*:*:*", "matchCriteriaId": "A015864E-AF0C-49CA-8961-9CAA830DAE8E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."}, {"lang": "es", "value": "Desbordamiento del b\u00fafer basado en mont\u00f3n en la funci\u00f3n IMA_SECURE_DecryptData1 en la ImaSystem.dll para el Citrix MetaFrame XP 1.0 y 2.0, y Presentation Server 3.0 y 4.0, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n en el Independent Management Architecture (IMA) al servicio (ImaSrv.exe) con tama\u00f1os de valores no v\u00e1lidos que disparen el desbordamiento durante la desencriptaci\u00f3n."}], "id": "CVE-2006-5821", "lastModified": "2018-10-17T21:45:18.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-10T23:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/22802"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017205"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.citrix.com/article/CTX111186"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20986"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4429"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}