Details of VAR-201406-0006

ID

VAR-201406-0006

CVE

CVE-2011-2592

TITLE

Citrix Access Gateway Enterprise Edition Plug-in for Windows Heap-based buffer overflow vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2011-005334 // CNNVD: CNNVD-201207-633

DESCRIPTION

Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header. Citrix Access Gateway is a universal SSL VPN device. Attackers can exploit the vulnerability. Performing a heap-based buffer overflow may execute arbitrary code in the application context. Failed exploit attempts will likely result in denial-of-service conditions. that provides secure access to virtual desktops and applications. NOTE: Other versions may also be affected. Successful exploitation allows execution of arbitrary code. ====================================================================== 5) Solution No official solution is currently available. ====================================================================== 6) Time Table 19/07/2011 - Vendor notified. 21/07/2011 - Vendor response. 20/01/2012 - Requested status update. 08/02/2012 - Vendor response, fix not scheduled. 09/05/2012 - Requested status update. 09/05/2012 - Vendor response, fix scheduled for June. 03/07/2012 - Requested status update. 21/07/2012 - Vendor response, fix delayed. 01/08/2012 - Public disclosure. ====================================================================== 7) Credits Discovered by Dmitriy Pletnev, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2011-2592 for the vulnerability. ====================================================================== 9) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://secunia.com/advisories/business_solutions/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/advisories/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://secunia.com/secunia_research/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/corporate/jobs/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/advisories/mailing_lists/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2012-27/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== . ---------------------------------------------------------------------- We are millions! Join us to protect all Pc's Worldwide. The vulnerabilities are confirmed in version 9.3.49.5. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2012-26/ http://secunia.com/secunia_research/2012-27/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.7

sources: NVD: CVE-2011-2592 // JVNDB: JVNDB-2011-005334 // CNVD: CNVD-2012-4067 // BID: 54754 // VULHUB: VHN-50537 // PACKETSTORM: 115175 // PACKETSTORM: 115163

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-4067

AFFECTED PRODUCTS

vendor:	citrix	model:	access gateway plug-in	scope:	eq	version:	9.0	Trust: 1.6
vendor:	citrix	model:	access gateway plug-in	scope:	eq	version:	9.3	Trust: 1.6
vendor:	citrix	model:	access gateway plug-in	scope:	eq	version:	10.0	Trust: 1.6
vendor:	citrix	model:	access gateway plug-in	scope:	eq	version:	9.1	Trust: 1.6
vendor:	citrix	model:	access gateway plug-in	scope:	eq	version:	9.2	Trust: 1.6
vendor:	citrix	model:	access gateway plug-in	scope:	lt	version:	9.x	Trust: 0.8
vendor:	citrix	model:	access gateway plug-in	scope:	eq	version:	for windows (enterprise edition) 9.3-57.5	Trust: 0.8
vendor:	citrix	model:	nsepacom activex control	scope:	eq	version:	9.x	Trust: 0.6
vendor:	citrix	model:	access gateway plug-in for windows	scope:	eq	version:	9.x	Trust: 0.6

sources: CNVD: CNVD-2012-4067 // JVNDB: JVNDB-2011-005334 // CNNVD: CNNVD-201207-633 // NVD: CVE-2011-2592

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-2592
value:	HIGH
Trust: 1.0
NVD:	CVE-2011-2592
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201207-633
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-50537
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2011-2592
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-50537
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-50537 // JVNDB: JVNDB-2011-005334 // CNNVD: CNNVD-201207-633 // NVD: CVE-2011-2592

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-50537 // JVNDB: JVNDB-2011-005334 // NVD: CVE-2011-2592

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-633

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201207-633

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005334

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-50537

PATCH

title:

CTX134303

url:

http://support.citrix.com/article/CTX134303

Trust: 0.8

sources: JVNDB: JVNDB-2011-005334

EXTERNAL IDS

db:	NVD	id:	CVE-2011-2592	Trust: 3.5
db:	OSVDB	id:	84433	Trust: 1.7
db:	SECUNIA	id:	45299	Trust: 1.3
db:	JVNDB	id:	JVNDB-2011-005334	Trust: 0.8
db:	CNNVD	id:	CNNVD-201207-633	Trust: 0.7
db:	CNVD	id:	CNVD-2012-4067	Trust: 0.6
db:	XF	id:	77316	Trust: 0.6
db:	BID	id:	54754	Trust: 0.3
db:	PACKETSTORM	id:	115175	Trust: 0.2
db:	VULHUB	id:	VHN-50537	Trust: 0.1
db:	PACKETSTORM	id:	115163	Trust: 0.1

sources: CNVD: CNVD-2012-4067 // VULHUB: VHN-50537 // BID: 54754 // JVNDB: JVNDB-2011-005334 // PACKETSTORM: 115175 // PACKETSTORM: 115163 // CNNVD: CNNVD-201207-633 // NVD: CVE-2011-2592

REFERENCES

url:	http://secunia.com/secunia_research/2012-27	Trust: 2.5
url:	http://archives.neohapsis.com/archives/bugtraq/2012-08/0009.html	Trust: 1.7
url:	http://support.citrix.com/article/ctx134303	Trust: 1.7
url:	http://osvdb.org/show/osvdb/84433	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/77316	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2592	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2592	Trust: 0.8
url:	http://secunia.com/advisories/45299/	Trust: 0.7
url:	http://xforce.iss.net/xforce/xfdb/77316	Trust: 0.6
url:	http://secunia.com/advisories/45299	Trust: 0.6
url:	http://secunia.com/secunia_research/2012-27/	Trust: 0.5
url:	http://secunia.com/secunia_research/2012-26/	Trust: 0.4
url:	http://www.citrix.com/english/ps2/products/product.asp?contentid=15005	Trust: 0.3
url:	http://www.citrix.com/site/ss/downloads/details.asp?downloadid=	Trust: 0.1
url:	http://secunia.com/secunia_research/	Trust: 0.1
url:	http://secunia.com/corporate/jobs/	Trust: 0.1
url:	http://secunia.com/advisories/mailing_lists/	Trust: 0.1
url:	http://secunia.com/advisories/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-2592	Trust: 0.1
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=45299	Trust: 0.1
url:	http://secunia.com/psi	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/45299/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

CREDITS

Dmitriy Pletnev, Secunia Research

Trust: 0.3

sources: BID: 54754

SOURCES

db:	CNVD	id:	CNVD-2012-4067
db:	VULHUB	id:	VHN-50537
db:	BID	id:	54754
db:	JVNDB	id:	JVNDB-2011-005334
db:	PACKETSTORM	id:	115175
db:	PACKETSTORM	id:	115163
db:	CNNVD	id:	CNNVD-201207-633
db:	NVD	id:	CVE-2011-2592

LAST UPDATE DATE

2025-04-13T23:29:42.206000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-4067	date:	2012-08-03T00:00:00
db:	VULHUB	id:	VHN-50537	date:	2017-08-29T00:00:00
db:	BID	id:	54754	date:	2012-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2011-005334	date:	2014-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201207-633	date:	2014-06-19T00:00:00
db:	NVD	id:	CVE-2011-2592	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-4067	date:	2012-08-03T00:00:00
db:	VULHUB	id:	VHN-50537	date:	2014-06-18T00:00:00
db:	BID	id:	54754	date:	2012-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2011-005334	date:	2014-06-19T00:00:00
db:	PACKETSTORM	id:	115175	date:	2012-08-01T15:12:05
db:	PACKETSTORM	id:	115163	date:	2012-07-31T10:58:14
db:	CNNVD	id:	CNNVD-201207-633	date:	2012-08-03T00:00:00
db:	NVD	id:	CVE-2011-2592	date:	2014-06-18T14:55:11.930