[THIN] Re: [Fwd: *Sintelli Alert* SID-2004-1023 (Risk 7.6): Citrix MetaFrame ICA Connection Client Drive Access Vulnerability]

Bashing Citrix?, I thought it was the best marketing move ever....



-----Oorspronkelijk bericht-----
Van: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] Namens
Jim Kenzig http://thin.net
Verzonden: vrijdag 30 april 2004 20:23
Aan: thin@xxxxxxxxxxxxx
Onderwerp: [THIN] Re: [Fwd: *Sintelli Alert* SID-2004-1023 (Risk 7.6):
Citrix MetaFrame ICA Connection Client Drive Access Vulnerability]


Lets just stop the Citrix bashing right now... had you guys taking one
second and gone to the link at the Citrix site you would SEE that there
are hotfixes available for all versions.
http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118
JK


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Ryan Lambert
Sent: Friday, April 30, 2004 2:10 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: [Fwd: *Sintelli Alert* SID-2004-1023 (Risk 7.6):
Citrix MetaFrame ICA Connection Client Drive Access Vulnerability]


Ok.

So let's see.

Risk if:

#1 - User is authenticated as an Administrator.
#2 - User has "specially crafted" a program to target my/any ICA
sessions.

Gee whiz. I think it's safe to say you're toast already.

I think I'll go upgrade to Metaframe 3.0 right now...... so that way
when a malicious user authenticates as Administrator, they can still own
me. What I'm particularly curious about is how Metaframe 3.0 "fixes"
this "problem".

How incredibly lame on Citrix's part.

-----Original Message-----
From: Rob Beekmans [mailto:robbeekmans@xxxxxxxxxxxxx]=20
Sent: Friday, April 30, 2004 1:57 PM
To: thin@xxxxxxxxxxxxx
S
********************************************************
This week's sponsor - Emergent Online
Emergent delivers end-to-end solutions for private and public sector
clients. From centralized application management, business continuity,
outsourcing, to application development, security, and messaging
solutions. http://www.go-eol.com/index.asp
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

********************************************************
This week's sponsor - Emergent Online
Emergent delivers end-to-end solutions for private and public sector clients. 
From centralized application management, business continuity, outsourcing, to 
application development, security, and messaging solutions.
http://www.go-eol.com/index.asp
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts: