CTX139049
NetScaler
NetScaler 10
Security Bulletin
2014-09-08
2005-06-06

Description of Problem

A number of security vulnerabilities have been identified in Citrix NetScaler Application Delivery Controller (ADC).

These vulnerabilities have been assigned the following CVE numbers:

    • CVE-2013-6939: Denial of service vulnerability in Citrix NetScaler Application Delivery Controller RADIUS authentication

    • CVE-2012-2141: Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.

    • CVE-2013-6940: Vulnerability in Citrix NetScaler Application Delivery Controller could result in user credentials being logged to disk

    • CVE-2013-6941: Vulnerability in Citrix NetScaler Application Delivery Controller firmware could allow shell breakout

    • CVE-2013-6942: Cross-Site Request Forgery vulnerability in Citrix NetScaler Application Delivery Controller

    • CVE-2013-6943: Vulnerability in Citrix NetScaler Application Delivery Controller could result in LDAP injection of SSH and Web management usernames

    • CVE-2013-6944: Cross-Site Scripting vulnerability in Citrix NetScaler AAA TM vServer user interface.

What Customers Should Do

These vulnerabilities have been addressed in new versions of the Citrix NetScaler ADC appliance firmware. Citrix recommends that customers upgrade their Citrix NetScaler ADC appliance firmware to the versions listed below.

The vulnerabilities have been addressed in the following NetScaler ADC appliance firmware versions:

    • 10.1-118.7 and later

    • 10.0-77.5 and later

    • 9.3-64.4 and later

These versions can be obtained from the following locations:

NetScaler ADC Firmware

https://www.citrix.com/downloads/netscaler-adc/firmware.html

NetScaler ADC Virtual Appliance

https://www.citrix.com/downloads/netscaler-adc/virtual-appliances.html
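
To check an inventory against the fixed builds listed above, the following added example (not part of the Citrix bulletin) compares each appliance's build numerically with the fixed build for its release branch. The banner shape "NS10.1: Build 118.7.nc", the host names and the sample inventory are assumptions constructed for illustration; branches the bulletin does not list are flagged for manual review rather than guessed.

```python
import re

# Fixed builds per release branch, taken from the bulletin's list.
FIXED = {(10, 1): (118, 7), (10, 0): (77, 5), (9, 3): (64, 4)}

# Accepts the bulletin notation "10.1-118.7" and a banner of the assumed
# shape "NS10.1: Build 118.7.nc".
_VERSION = re.compile(r"(\d+)\.(\d+)\s*(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.I)


def parse_version(text):
    """Return ((major, minor), (build, sub)) as integer tuples."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, build, sub = map(int, m.groups())
    return (major, minor), (build, sub)


def assess(text):
    """Classify one version string as 'fixed', 'upgrade' or 'review'."""
    try:
        branch, build = parse_version(text)
    except ValueError:
        return "review"      # unparseable: a human has to look
    fixed = FIXED.get(branch)
    if fixed is None:
        return "review"      # branch not listed in the bulletin
    # Integer tuples, so 99.3 sorts before 118.7 (string comparison would not).
    return "fixed" if build >= fixed else "upgrade"


def triage(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: assess(version) for host, version in inventory.items()}


# Constructed sample inventory (host names and builds are illustrative).
SAMPLE = {
    "adc-a": "NetScaler NS10.1: Build 118.7.nc",
    "adc-b": "10.1-99.3",
    "adc-c": "NS10.0: Build 77.5.nc",
    "adc-d": "NS9.3: Build 58.5.nc",
    "adc-e": "10.5-50.10",
    "adc-f": "version unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```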

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at / .

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at http://www.citrix.com/site/ss/supportContacts.asp .

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. If you would like to report a security issue to Citrix, please compose an e-mail to secure@citrix.com stating the exact version of the product in which the vulnerability was found and the steps needed to reproduce the vulnerability.


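Special note

The source of this article is Citrix.com; copyright in the translation belongs to the translator. Please credit the source when reposting.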
