Details of VAR-201408-0006

ID

VAR-201408-0006

CVE

CVE-2011-2593

TITLE

Citrix Access Gateway Enterprise Edition Plug-in for Windows of nsepacom ActiveX Control StartEpa Method integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2011-005338

DESCRIPTION

Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow. Citrix Access Gateway is a universal SSL VPN device. The attacker can Exploit a heap-based buffer overflow, possibly executing arbitrary code in the context of an application. Failed exploit attempts will likely result in denial-of-service conditions. that provides secure access to virtual desktops and applications. NOTE: Other versions may also be affected. Successful exploitation may allow execution of arbitrary code. ====================================================================== 5) Solution No official solution is currently available. ====================================================================== 6) Time Table 19/07/2011 - Vendor notified. 21/07/2011 - Vendor response. 20/01/2012 - Requested status update. 08/02/2012 - Vendor response, fix not scheduled. 09/05/2012 - Requested status update. 09/05/2012 - Vendor response, fix scheduled for June. 03/07/2012 - Requested status update. 21/07/2012 - Vendor response, fix delayed. 01/08/2012 - Public disclosure. ====================================================================== 7) Credits Discovered by Dmitriy Pletnev, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2011-2593 for the vulnerability. ====================================================================== 9) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://secunia.com/advisories/business_solutions/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/advisories/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://secunia.com/secunia_research/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/corporate/jobs/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/advisories/mailing_lists/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2012-26/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== . ---------------------------------------------------------------------- We are millions! Join us to protect all Pc's Worldwide. The vulnerabilities are confirmed in version 9.3.49.5. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2012-26/ http://secunia.com/secunia_research/2012-27/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.7

sources: NVD: CVE-2011-2593 // JVNDB: JVNDB-2011-005338 // CNVD: CNVD-2012-4068 // BID: 54754 // VULHUB: VHN-50538 // PACKETSTORM: 115174 // PACKETSTORM: 115163

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-4068

AFFECTED PRODUCTS

vendor:	citrix	model:	access gateway plug-in	scope:	eq	version:	10.0	Trust: 1.6
vendor:	citrix	model:	access gateway plug-in	scope:	lte	version:	9.3	Trust: 1.0
vendor:	citrix	model:	access gateway plug-in	scope:	lt	version:	9.x	Trust: 0.8
vendor:	citrix	model:	access gateway plug-in	scope:	eq	version:	for windows (enterprise edition) 9.3-57.5	Trust: 0.8
vendor:	citrix	model:	nsepacom activex control	scope:	eq	version:	9.x	Trust: 0.6
vendor:	citrix	model:	access gateway plug-in for windows	scope:	eq	version:	9.x	Trust: 0.6
vendor:	citrix	model:	access gateway plug-in	scope:	eq	version:	9.3	Trust: 0.6

sources: CNVD: CNVD-2012-4068 // JVNDB: JVNDB-2011-005338 // CNNVD: CNNVD-201207-634 // NVD: CVE-2011-2593

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-2593
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-2593
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201207-634
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-50538
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-2593
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-50538
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-50538 // JVNDB: JVNDB-2011-005338 // CNNVD: CNNVD-201207-634 // NVD: CVE-2011-2593

PROBLEMTYPE DATA

problemtype:

CWE-189

Trust: 1.9

sources: VULHUB: VHN-50538 // JVNDB: JVNDB-2011-005338 // NVD: CVE-2011-2593

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-634

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201207-634

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005338

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-50538

PATCH

title:

CTX134303

url:

http://support.citrix.com/article/CTX134303

Trust: 0.8

sources: JVNDB: JVNDB-2011-005338

EXTERNAL IDS

db:	NVD	id:	CVE-2011-2593	Trust: 3.5
db:	SECUNIA	id:	45299	Trust: 2.4
db:	JVNDB	id:	JVNDB-2011-005338	Trust: 0.8
db:	CNNVD	id:	CNNVD-201207-634	Trust: 0.7
db:	CNVD	id:	CNVD-2012-4068	Trust: 0.6
db:	XF	id:	77317	Trust: 0.6
db:	BID	id:	54754	Trust: 0.3
db:	PACKETSTORM	id:	115174	Trust: 0.2
db:	VULHUB	id:	VHN-50538	Trust: 0.1
db:	PACKETSTORM	id:	115163	Trust: 0.1

sources: CNVD: CNVD-2012-4068 // VULHUB: VHN-50538 // BID: 54754 // JVNDB: JVNDB-2011-005338 // PACKETSTORM: 115174 // PACKETSTORM: 115163 // CNNVD: CNNVD-201207-634 // NVD: CVE-2011-2593

REFERENCES

url:	http://secunia.com/advisories/45299	Trust: 2.3
url:	http://support.citrix.com/article/ctx134303	Trust: 1.7
url:	http://secunia.com/secunia_research/2012-26	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/77317	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2593	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2593	Trust: 0.8
url:	http://secunia.com/secunia_research/2012-27	Trust: 0.8
url:	http://secunia.com/advisories/45299/	Trust: 0.7
url:	http://xforce.iss.net/xforce/xfdb/77317	Trust: 0.6
url:	http://secunia.com/secunia_research/2012-26/	Trust: 0.5
url:	http://secunia.com/secunia_research/2012-27/	Trust: 0.4
url:	http://www.citrix.com/english/ps2/products/product.asp?contentid=15005	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2011-2593	Trust: 0.1
url:	http://www.citrix.com/site/ss/downloads/details.asp?downloadid=	Trust: 0.1
url:	http://secunia.com/secunia_research/	Trust: 0.1
url:	http://secunia.com/corporate/jobs/	Trust: 0.1
url:	http://secunia.com/advisories/mailing_lists/	Trust: 0.1
url:	http://secunia.com/advisories/	Trust: 0.1
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=45299	Trust: 0.1
url:	http://secunia.com/psi	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/45299/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

CREDITS

Dmitriy Pletnev, Secunia Research

Trust: 0.3

sources: BID: 54754

SOURCES

db:	CNVD	id:	CNVD-2012-4068
db:	VULHUB	id:	VHN-50538
db:	BID	id:	54754
db:	JVNDB	id:	JVNDB-2011-005338
db:	PACKETSTORM	id:	115174
db:	PACKETSTORM	id:	115163
db:	CNNVD	id:	CNNVD-201207-634
db:	NVD	id:	CVE-2011-2593

LAST UPDATE DATE

2025-04-13T23:29:42.248000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-4068	date:	2012-08-03T00:00:00
db:	VULHUB	id:	VHN-50538	date:	2017-08-29T00:00:00
db:	BID	id:	54754	date:	2012-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2011-005338	date:	2014-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201207-634	date:	2014-08-13T00:00:00
db:	NVD	id:	CVE-2011-2593	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-4068	date:	2012-08-03T00:00:00
db:	VULHUB	id:	VHN-50538	date:	2014-08-12T00:00:00
db:	BID	id:	54754	date:	2012-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2011-005338	date:	2014-08-14T00:00:00
db:	PACKETSTORM	id:	115174	date:	2012-08-01T15:09:44
db:	PACKETSTORM	id:	115163	date:	2012-07-31T10:58:14
db:	CNNVD	id:	CNNVD-201207-634	date:	2012-08-03T00:00:00
db:	NVD	id:	CVE-2011-2593	date:	2014-08-12T20:55:02.527