Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  login

"Jesus may love you, but I think you're garbage wrapped in skin." -- Michael O'Donohugh

computers / rocksolid.shared.security / Someone is still using Citrix?

SubjectAuthor
o Someone is still using Citrix?anon

1
Someone is still using Citrix?
  rocksolid.shared.security
Path: i2pn2.org!rocksolid2!def5!POSTED.localhost!not-for-mail
From: anon@anon.com (anon)
Newsgroups: rocksolid.shared.security
Message-ID: <ab569d65d6a9a610f2ab22ddbd84da6a@def4>
Subject: Someone is still using Citrix?
Date: Sat, 18 Jan 2020 18:24:00+0000
Organization: def5
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Xref: rslight2 rocksolid.shared.security:101
 by: anon - Sat, 18 Jan 2020 18:24 UTC

https://www.tripwire.com/state-of-security/vert/citrix-netscaler-cve-2019-19781-what-you-need-to-know/

Holy shit, a chain of fuckups:
-first, a path traversal
-then, writing to a directory containing scripts without any auth
-finally, an "undocumented feature", that allows remote code execution (so the backdoor that the technicians used for customer support, most like)

It takes a lot of effort to make something as bad as this. Burn it with fire, then scramble the ashes and scatter them into the winds.

Posted on def4

1
server_pubkey.txt

rocksolid light 0.9.1
clearnet tor