Title: Citrix MetaFrame Multiple Sessions Denial of Service Vulnerability
Severity: MODERATE
Description:
Citrix MetaFrame is a remote application server used for terminal service type environments.
A vunerability exists in Citrix MetaFrame's handling of numerous connections which, if exploited, could lead to a denial of services to network users.
When a connection is made between a remote client and a MetaFrame host, a protocol developed by Citrix (ICA protocol) is used. This protocol is used specifically to ensure a client's secure connection to the host.
It is possible for an unauthorized remote user to connect to a Citrix host, and establish an unusual number of sessions (approx 52). If the sessions time out, additional attempts made for a connection could cause the host to crash.
A restart of the service may be required in order to regain normal functionality.
Affected Products:
- Citrix MetaFrame 0.0.0XP
- Citrix MetaFrame for Windows 2000 1.8.0
- Citrix MetaFrame for Windows NT 4.0 TSE 1.8.0
References:
- Citrix: Citrix Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
