Intrusion Prevention

Citrix.IMA.Invalid.Event.Data.Length.DoS

Description

This indicates an attack attempt against a denial-of-service vulnerability in
the Citrix Presentation Server.
The vulnerability is caused by an error when the Independent Management Architecture (IMA) component handles a malicious Event Data. It allows a remote attacker to crash the vulnerable software via sending a crafted TCP packet.

Affected Products

Citrix MetaFrame XP 1.0 for Windows 2000 Server
Citrix MetaFrame XP 1.0 for Windows Server 2003
Citrix MetaFrame Presentation Server 3.0 for Windows 2000 Server
Citrix MetaFrame Presentation Server 3.0 for Windows Server 2003
Citrix Presentation Server 4.0 for Windows 2000 Server
Citrix Presentation Server 4.0 for Windows Server 2003
Citrix Presentation Server 4.0 for Windows Server 2003 x64 Editions

Impact

Denial of service

Recommended Actions

Apply the appropriate patch:
http://support.citrix.com/article/CTX111186

CVE References

CVE-2006-5861