Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

The easiest way to get the root password is to become system admin. -- Unknown source


computers / rocksolid.shared.security / Someone is still using Citrix?

SubjectAuthor
o Someone is still using Citrix?anon

1
Someone is still using Citrix?

<ab569d65d6a9a610f2ab22ddbd84da6a@def4>

 copy mid

https://novabbs.com/computers/article-flat.php?id=101&group=rocksolid.shared.security#101

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!rocksolid2!def5!POSTED.localhost!not-for-mail
From: ano...@anon.com (anon)
Newsgroups: rocksolid.shared.security
Message-ID: <ab569d65d6a9a610f2ab22ddbd84da6a@def4>
Subject: Someone is still using Citrix?
Date: Sat, 18 Jan 2020 18:24:00+0000
Organization: def5
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
 by: anon - Sat, 18 Jan 2020 18:24 UTC

https://www.tripwire.com/state-of-security/vert/citrix-netscaler-cve-2019-19781-what-you-need-to-know/

Holy shit, a chain of fuckups:
-first, a path traversal
-then, writing to a directory containing scripts without any auth
-finally, an "undocumented feature", that allows remote code execution (so the backdoor that the technicians used for customer support, most like)

It takes a lot of effort to make something as bad as this. Burn it with fire, then scramble the ashes and scatter them into the winds.

Posted on def4

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor