It justs states that versions prior to 3.0 are affected. It didn't suggest that you upgrade. Mark E. Schill, CCA BellSouth Technology Group -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Ryan Lambert Sent: Friday, April 30, 2004 2:34 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: [Fwd: *Sintelli Alert* SID-2004-1023 (Risk 7.6): Citrix MetaFrame ICA Connection Client Drive Access Vulnerability] I did see that, Jim. I just thought suggesting an upgrade to 3.0 was a bit lame and Microsoft-ish. :p -----Original Message----- From: Jim Kenzig http://thin.net [mailto:jimkenz@xxxxxxxxxxxxxx]=3D20 Sent: Friday, April 30, 2004 2:23 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: [Fwd: *Sintelli Alert* SID-2004-1023 (Risk 7.6): Citrix MetaFrame ICA Connection Client Drive Access Vulnerability] Lets just stop the Citrix bashing right now... had you guys taking one second and gone to the link at the Citrix site you would SEE that there are hotfixes available for all versions. http://support.citrix.com/kb/entry.jspa?entryID=3D3D4289&categoryID=3D3D1= 18 JK -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of Ryan Lambert Sent: Friday, April 30, 2004 2:10 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: [Fwd: *Sintelli Alert* SID-2004-1023 (Risk 7.6): Citrix MetaFrame ICA Connection Client Drive Access Vulnerability] Ok. So let's see. Risk if: #1 - User is authenticated as an Administrator. #2 - User has "specially crafted" a program to target my/any ICA sessions. Gee whiz. I think it's safe to say you're toast already. I think I'll go upgrade to Metaframe 3.0 right now...... so that way when a malicious user authenticates as Administrator, they can still own me. What I'm particularly curious about is how Metaframe 3.0 "fixes" this "problem". How incredibly lame on Citrix's part. -----Original Message----- From: Rob Beekmans [mailto:robbeekmans@xxxxxxxxxxxxx]=3D3D20 Sent: Friday, April 30, 2004 1:57 PM To: thin@xxxxxxxxxxxxx S ******************************************************** This week's sponsor - Emergent Online Emergent delivers end-to-end solutions for private and public sector clients. From centralized application management, business continuity, outsourcing, to application development, security, and messaging solutions. http://www.go-eol.com/index.asp ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This week's sponsor - Emergent Online Emergent delivers end-to-end solutions for private and public sector clients. From centralized application management, business continuity, outsourcing, to application development, security, and messaging solutions. http://www.go-eol.com/index.asp ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ***** "The information transmitted is intended only for the person or entity = to which it is addressed and may contain confidential, proprietary, = and/or privileged material. Any review, retransmission, dissemination = or other use of, or taking of any action in reliance upon, this = information by persons or entities other than the intended recipient is = prohibited. If you received this in error, please contact the sender = and delete the material from all computers." 113 ******************************************************** This week's sponsor - Emergent Online Emergent delivers end-to-end solutions for private and public sector clients. From centralized application management, business continuity, outsourcing, to application development, security, and messaging solutions. http://www.go-eol.com/index.asp ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm