You don't need to run a working exploit to know if a system is vulnerable or not, though. Simply visit: CITRIXGATEWAY/vpns/cfg/smb.conf in your web browser or script or whatever. If you get a file, the system is vulnerable. If you get a 403, it has had mitigations applied.
Also, FreeBSD 8.4 was EOL'd years ago. And even FreeBSD v. current doesn't even have ASLR enabled (not that it'd matter in this particular case). And this is something you're exposing directly to the Internet? YOLO!
Note that Citrix has updated https://support.citrix.com/article/CTX267027 since its initial release. Two notable changes: 1) Citrix SD-WAN WANOP has been added to affected products. 2) Citrix ADC Release 12.1 builds before 51.16/51.19 and 50.31 have bugs that make the mitigations not work. Whoops!
And just for the record, /vpn/../vpns/cfg/smb.conf is the more universal form of the URI to test the vulnerability. The directory traversal is required for IPs listening for the VPN Virtual server. e.g. curl https://CITRIXGATEWAY/vpn/../vpns/cfg/smb.conf --path-as-is -k
Note that Citrix is rolling out changes to address CVE-2019-19781 for some versions at https://support.citrix.com/article/CTX267027 Unauthenticated users no longer appear to be able to request the pages in question.
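As an added example that is not part of the thread: a small Python scanner that does, from the server-side log, what the curl check above does from the client side. It normalises each requested path (percent-decoding and collapsing `..`), flags requests that resolve under /vpns/ either directly or via the /vpn/../vpns/ traversal form, and records whether the appliance served (200) or blocked (403) them. A 200 on such a request after the mitigation is supposed to be in place is the "mitigations not work" condition noted above. The combined-log format, the field names and the sample lines are constructed assumptions.

```python
import re
from posixpath import normpath
from typing import List, Optional
from urllib.parse import unquote

# Constructed sample lines in Apache/NGINX combined log format (not real data);
# source IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Jan/2020:10:01:02 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 1042 "-" "curl/7.64.0"
203.0.113.5 - - [11/Jan/2020:10:01:03 +0000] "GET /vpn/%2e%2e/vpns/cfg/smb.conf HTTP/1.1" 403 0 "-" "curl/7.64.0"
198.51.100.7 - - [11/Jan/2020:10:02:10 +0000] "GET /vpn/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [11/Jan/2020:10:03:00 +0000] "GET /vpns/cfg/smb.conf HTTP/1.1" 403 0 "-" "python-requests/2.22"
"""

# Minimal combined-log parser: source, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def decode_path(raw: str) -> str:
    """Strip the query string and percent-decode repeatedly (bounded),
    so that %2e%2e and double-encoded %252e%252e both become '..'."""
    path = raw.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify_request(raw_path: str) -> Optional[str]:
    """Return 'traversal-to-vpns', 'direct-vpns', or None for uninteresting paths."""
    decoded = decode_path(raw_path)
    has_traversal = ".." in decoded.split("/")
    resolved = normpath(decoded)  # collapses /vpn/../vpns/... to /vpns/...
    if resolved.startswith("/vpns/"):
        return "traversal-to-vpns" if has_traversal else "direct-vpns"
    return None


def scan_log(text: str) -> List[dict]:
    """Return one record per request that resolves under /vpns/."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        kind = classify_request(m["path"])
        if kind is None:
            continue
        status = int(m["status"])
        hits.append({
            "src": m["src"],
            "ts": m["ts"],
            "path": m["path"],
            "kind": kind,
            "status": status,
            # A 200 here means the request reached the /vpns/ content;
            # a 403 means the responder-policy mitigation blocked it.
            "outcome": "served" if status == 200 else "blocked",
        })
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['ts']} {h['src']:14} {h['kind']:18} {h['outcome']:7} {h['path']}")
```

The scanner matches on the resolved path rather than on the literal string `/vpn/../vpns/`, so encoded and double-encoded variants land in the same bucket; the `served` outcome on the first sample line is the one worth alerting on.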
This is near 100% identical to the dir traversal I reported in 2011. Citrix classified it as "information disclosure". Daemon ran as root.
@threadreaderapp unroll this pls.

Namaste, there is your unroll: Thread by @wdormann: The cat's pretty much out of the bag on how to exploit this. Expect widespread exploitation… https://threadreaderapp.com/thread/1215689019486543874.html