[THIN] Re: Citrix Client v10

  • From: "Landin, Mark" <Mark.Landin@xxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Fri, 2 Mar 2007 08:13:07 -0600

The danger is that someone with admin privileges (and many places still
have users with local admin rights on their own machines) gets exploited
by this flaw and this leads, at the minimum, to an installation vector
for more malicious software to piggyback on.
 
Further, that characterization of IT security types is insulting.

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Malcolm Bruton
Sent: Friday, March 02, 2007 3:29 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix Client v10



Security people are like chickens.  They flap about a lot but don't
always understand the problems because their brains are too small.
Sometimes it's just easiest to get on with the request rather than make
them see sense.  

 

Anyway going to 10 suits us long term because we'll just have to do it
at some stage anyway.

 

Thanks for all the feedback guys.

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Andrew Wood
Sent: 01 March 2007 22:24
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix Client v10

 

"The Citrix Presentation Server Client for Windows includes support for
making ICA connections through proxy servers. An implementation flaw in
this functionality may allow an attacker to execute arbitrary code in
the context of the client process."

 

Surely that's only going to run in the context of the user - so the
major worry there is what?

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Malcolm Bruton
Sent: 01 March 2007 16:20
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Citrix Client v10

 

Anyone been brave enough yet for deployment?

 

http://support.citrix.com/article/CTX112589

 

Convenient that Citrix have released this article and asked to upgrade to
v10 to fix.....

 

Of which I already have our security team asking about upgrading

 

Malcolm
