[Dshield] Citrix MetaFrame

Wilson, Jesse (I.T. Dept) WilsonJ at stifel.com
Wed Oct 17 13:45:01 GMT 2001

Citrix MetaFrame Remote Denial of Service Vulnerability 


ISS has discovered a remote Denial of Service (DoS) vulnerability
in Citrix MetaFrame. Citrix MetaFrame is an application server that
works with Windows Terminal Services. This vulnerability causes a
MetaFrame installation to crash or "blue screen" and requires an 
affected system to be restarted manually. No local access is needed
to exploit this vulnerability.

Affected Versions:

Citrix MetaFrame 1.8 Server with Service Pack 3
Citrix MetaFrame XP Server
Citrix MetaFrame XP Server Service Pack 1


Citrix MetaFrame works with Windows Terminal Services to provide
application server capabilities.

This vulnerability is caused by the improper handling of the
establishment of multiple sessions in the Citrix product. An attacker
can initiate multiple fake sessions with the target server by simulating
the protocol used between the MetaFrame client and server. These
sessions pass file name and other information from client to server
before encrypted channels are established. The server allows a maximum
of approximately 52 sessions to be started. After the sessions time out,
new sessions that are initiated will cause the server to crash. The new
sessions cause an exception that results in a blue screen. This
exception, which is usually a page fault, can occur in various


More information about the list mailing list