漏洞信息详情
Citrix Access Gateway 身份认证绕过漏洞
- CNNVD编号:CNNVD-200806-043
- 危害等级: 中危
- CVE编号: CVE-2008-2528
- 漏洞类型: 授权问题
- 发布时间: 2008-06-03
- 威胁类型: 远程
- 更新时间: 2009-04-01
- 厂 商: citrix
- 漏洞来源: Citrix
漏洞简介
Citrix Access Gateway 标准版4.5.7以及之前的版本和高级版本4.5 HF2以及之前的版本存在未明漏洞。攻击者可以借助未明向量,绕过身份认证和获得对网络资源的访问权限。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: 厂商发布了固件更新以解决此漏洞。
Citrix Access Gateway Standard Edition 4.5.5
Citrix Hotfix AG2000_V45_25418 - Access Gateway Standard Edition 4.5
https://www.citrix.com/English/myCitrix/loginNewUser.asp
Citrix Hotfix AG2000_v457 Rev A - Access Gateway Standard Edition 4.5.7
http://support.citrix.com/article/CTX116762
Citrix Access Gateway Standard Edition 4.5.6
Citrix Hotfix AG2000_V45_25418 - Access Gateway Standard Edition 4.5
https://www.citrix.com/English/myCitrix/loginNewUser.asp
Citrix Hotfix AG2000_v457 Rev A - Access Gateway Standard Edition 4.5.7
http://support.citrix.com/article/CTX116762
Citrix Access Gateway Standard Edition 4.5.7
Citrix Hotfix AG2000_V45_25418 - Access Gateway Standard Edition 4.5
https://www.citrix.com/English/myCitrix/loginNewUser.asp
Citrix Hotfix AG2000_v457 Rev A - Access Gateway Standard Edition 4.5.7
http://support.citrix.com/article/CTX116762
参考网址
来源: support.citrix.com
链接:http://support.citrix.com/article/CTX116930
来源: SECUNIA
名称: 30175
链接:http://secunia.com/advisories/30175
来源: XF
名称: citrix-access-unspecified-auth-bypass(42356)
链接:http://xforce.iss.net/xforce/xfdb/42356
来源: BID
名称: 29174
链接:http://www.securityfocus.com/bid/29174
来源: VUPEN
名称: ADV-2008-1474
链接:http://www.frsirt.com/english/advisories/2008/1474/references
来源: SECTRACK
名称: 1020025
链接:http://www.securitytracker.com/id?1020025
受影响实体
- Citrix Access_gateway:4.5:Advanced:Hf2
- Citrix Access_gateway:4.5.7:Standard
- Citrix Access_gateway:4.5.6:Standard
- Citrix Access_gateway:4.5.5:Standard
补丁
暂无
评论