CVE-2006-5821 - Vulnerability Details - OpenCVE

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Metaframe Metaframe Presentation Server

Configuration 1 [-]

OR	cpe:2.3:a:citrix:metaframe:1.0::windows_2000:::::
	cpe:2.3:a:citrix:metaframe:3.0::microsoft_windows_2000:::::
	cpe:2.3:a:citrix:metaframe_presentation_server:4.0::64-bit:::::
	cpe:2.3:a:citrix:metaframe_presentation_server:4.0::microsoft_windows_2000:::::
	cpe:2.3:a:citrix:metaframe_presentation_server:4.0::microsoft_windows_2003:::::

No data.

References

Link	Providers
http://secunia.com/advisories/22802
http://securitytracker.com/id?1017205
http://support.citrix.com/article/CTX111186
http://www.securityfocus.com/archive/1/451337/100/100/threaded
http://www.securityfocus.com/bid/20986
http://www.vupen.com/english/advisories/2006/4429
http://www.zerodayinitiative.com/advisories/ZDI-06-038.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/30148

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-10T23:00:00

Updated: 2024-08-07T20:04:55.520Z

Reserved: 2006-11-08T00:00:00

Link: CVE-2006-5821

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-11-10T23:07:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-5821

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-09T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"}, {"name": "citrix-ima-management-bo(30148)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"}, {"name": "1017205", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017205"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX111186"}, {"name": "20986", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20986"}, {"name": "22802", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22802"}, {"name": "ADV-2006-4429", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4429"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5821", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"}, {"name": "citrix-ima-management-bo(30148)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"}, {"name": "1017205", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017205"}, {"name": "http://support.citrix.com/article/CTX111186", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX111186"}, {"name": "20986", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20986"}, {"name": "22802", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22802"}, {"name": "ADV-2006-4429", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4429"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:04:55.520Z"}, "title": "CVE Program Container", "references": [{"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"}, {"name": "citrix-ima-management-bo(30148)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"}, {"name": "1017205", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017205"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX111186"}, {"name": "20986", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20986"}, {"name": "22802", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22802"}, {"name": "ADV-2006-4429", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4429"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5821", "datePublished": "2006-11-10T23:00:00", "dateReserved": "2006-11-08T00:00:00", "dateUpdated": "2024-08-07T20:04:55.520Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:metaframe:1.0:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "A77E8839-8E33-45E8-B491-C5733C8AB884", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:metaframe:3.0:*:microsoft_windows_2000:*:*:*:*:*", "matchCriteriaId": "0C88F86F-F07D-4C17-B5D5-EC8F1A69A65A", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:64-bit:*:*:*:*:*", "matchCriteriaId": "E0A76F02-1EB3-4925-B241-91331EAFDDE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:microsoft_windows_2000:*:*:*:*:*", "matchCriteriaId": "9565EB76-11A0-415F-943A-E9870F5F37D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:microsoft_windows_2003:*:*:*:*:*", "matchCriteriaId": "A015864E-AF0C-49CA-8961-9CAA830DAE8E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."}, {"lang": "es", "value": "Desbordamiento del b\u00fafer basado en mont\u00f3n en la funci\u00f3n IMA_SECURE_DecryptData1 en la ImaSystem.dll para el Citrix MetaFrame XP 1.0 y 2.0, y Presentation Server 3.0 y 4.0, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n en el Independent Management Architecture (IMA) al servicio (ImaSrv.exe) con tama\u00f1os de valores no v\u00e1lidos que disparen el desbordamiento durante la desencriptaci\u00f3n."}], "id": "CVE-2006-5821", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-10T23:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/22802"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017205"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.citrix.com/article/CTX111186"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20986"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4429"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22802"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://support.citrix.com/article/CTX111186"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20986"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4429"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}