CVE-2016-6493 - Memory Permission Weakness in Citrix XenApp and XenDesktop

Related Vulnerabilities: CVE-2016-6493  

Description of Problem

A weakness has been identified in Citrix XenApp and XenDesktop. While this issue is not directly exploitable, it could potentially weaken an existing security mitigation, resulting in a loss of defence in depth.

This weakness affects the following Citrix products:

  • Citrix XenDesktop up to and including version 7.8
  • Citrix XenApp 7.x up to and including version 7.8
  • All versions of Citrix XenApp 6.x up to and including version 6.5 with HRP 06 installed

This weakness has been assigned the following CVE number:

  • CVE-2016-6493: Memory Permission Weakness in Citrix XenApp and XenDesktop

What Customers Should Do

This weakness has been addressed in the following Citrix products:

  • Citrix XenApp and XenDesktop 7.9 and later
  • Citrix XenApp and XenDesktop 7.6 LTSR CU2 and later 
  • Citrix XenApp 6.5 HRP07 and later

Citrix recommends that customers upgrade to these versions. These updates can be obtained from the following location:

Citrix XenApp & XenDesktop: https://www.citrix.com/downloads/xenapp-and-xendesktop/


Acknowledgements

Citrix thanks Udi Yavo, CTO, enSilo (http://www.ensilo.com) for working with us to protect Citrix customers.


What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.


Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html


Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix


Changelog

Date                  Change
August 3rd 2016       Initial bulletin publishing
August 4th 2016       Update to Applicable Products
October 5th 2016      Update to What Customers Should Do
February 13th 2017    Update to What Customers Should Do