SECURITYVULNS:DOC:31816
Mar 21, 2015 - 12:00 a.m.

Command injection vulnerability in Citrix NITRO SDK xen_hotfix page


Han Sahin, August 2014


Abstract

Securify discovered a command injection vulnerability in the xen_hotfix
page of the NITRO SDK. The attacker-supplied command is executed with
elevated privileges (nsroot). This issue can be used to compromise the
entire Citrix SDX appliance and all underlying applications and data.


Tested version

This issue was discovered in Citrix NetScaler SDX svm-10.5-50-1.9; other
versions may also be affected.


Fix

Citrix reports that this vulnerability is fixed in NetScaler 10.5 build
52.3nc.


Details

https://www.securify.nl/advisory/SFY20140806/command_injection_vulnerability_in_citrix_nitro_sdk_xen_hotfix_page.html