Intrusion Prevention

Citrix.IMA.Service.Remote.Command.Execution

Description

This indicates an attack attempt against a heap-overflow vulnerability in the Citrix Independent Management Architecture (IMA) service (ImaSrv.exe).
The vulnerability is caused by an error in how the vulnerable software handles malformed data sent to TCP ports 2512 and 2513. It allows a remote attacker to execute arbitrary code.

Affected Products

MetaFrame Presentation Server 3.0
Presentation Server 4.0, 4.5
Access Essentials 1.0, 1.5, 2.0
Desktop Server 1.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Install the update available at the following web site:
http://support.citrix.com/article/CTX114487

CVE References

CVE-2008-0356