Discovered Vulnerability in Citrix Licensing Could Allow Remote Code Execution (CTX207824)

ITS Advisory Number: 2016-054
Date(s) Issued: Tuesday, March 15, 2016
Subject: Discovered Vulnerability in Citrix Licensing Could Allow Remote Code Execution (CTX207824)
Overview: 

A vulnerability has been identified in Citrix Licensing that could allow a remote, unauthenticated attacker to crash the License Server and potentially execute arbitrary code on the server. 

Systems Affected: 
  • Citrix License Server for Windows versions prior to 11.13.1.2
  • Citrix License Server VPX versions prior to 11.13.1.2
  • Citrix CloudBridge
  • Citrix NetScaler SVM
  • Citrix NetScaler Insight Center
  • Citrix ByteMobile
  • Citrix XenMobile
  • XenMobile Server 10.3.x
  • XenMobile Server 10.1.x
  • XenMobile Server 10.0.x
  • XenMobile Device Manager 9.0
Risk: 
Government: 
  • Large and medium government entities: High
  • Small government entities: High
Business: 
  • Large and medium business entities: High
  • Small business entities: High
Home Users: Low
Description: 

A vulnerability has been identified in Citrix Licensing that could allow a remote, unauthenticated attacker to crash the License Server and potentially execute arbitrary code on the server. Details of this vulnerability are as follows:

Certain remote message parsing functions inside the FlexNet Publisher daemon use a custom string copy function that does not provide proper bounds checking on incoming data. This allows for specially crafted messages to cause a stack buffer overflow. It was also found that the same vulnerable code is packaged into all customer binaries produced by the FlexNet Publisher. [CVE-2015-8277]
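
The bug class described above, as an added example (not FlexNet Publisher or Citrix code, which this advisory does not show): a hand-rolled copy with no destination bound, beside a bounded replacement that rejects oversized fields. The names `copy_unbounded`, `copy_bounded`, `handle_field` and the 32-byte `FIELD_MAX` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 32   /* assumed size of the fixed stack buffer */

/* Unsafe pattern, shown for contrast and never called here: it copies
 * until the source terminator and has no idea how large dst is. */
void copy_unbounded(char *dst, const char *src)
{
    while ((*dst++ = *src++) != '\0')
        ;
}

/* Bounded replacement. src holds at most src_len bytes and may lack a
 * terminator. Returns 0 on success, -1 if the field plus its NUL does
 * not fit in dst_size bytes. */
int copy_bounded(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    const char *nul;
    size_t n;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    nul = memchr(src, '\0', src_len);      /* never read past the message */
    n = nul ? (size_t)(nul - src) : src_len;
    if (n >= dst_size) {
        dst[0] = '\0';
        return -1;                         /* reject, do not truncate silently */
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Hypothetical message handler: copies one received field into a stack
 * buffer. Returns the field length, or -1 when the message is dropped. */
int handle_field(const char *msg, size_t msg_len)
{
    char field[FIELD_MAX];

    if (copy_bounded(field, sizeof field, msg, msg_len) != 0)
        return -1;
    return (int)strlen(field);
}
```
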

Actions: 
  • After appropriate testing, apply applicable updates provided by Citrix to vulnerable systems.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.