[THIN] Re: Citrix Client v10

  • From: "Greg Reese" <gareese@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Fri, 2 Mar 2007 08:36:53 -0600

yeah...insulting to chickens.

just kidding.  I couldn't let that hang out there.

It's easy to pick on security guys but they're just doing their jobs.

Greg


On 3/2/07, Landin, Mark <Mark.Landin@xxxxxxxxxxxxxxxx> wrote:

 The danger is that someone with admin privileges (and many places still
have users with local admin rights on their own machines) gets exploited by
this flaw and this leads, at the minimum, to an installation vector for more
malicious software to piggyback on.

Further, that characterization of IT security types is insulting.

 ------------------------------
*From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Malcolm Bruton
*Sent:* Friday, March 02, 2007 3:29 AM
*To:* thin@xxxxxxxxxxxxx
*Subject:* [THIN] Re: Citrix Client v10



Security people are like chickens.  They flap about a lot but don't always
understand the problems because their brains are too small.  Sometimes it's
just easiest to get on with the request rather than make them see sense.



Anyway going to 10 suits us long term because we'll just have to do it at
some stage anyway.



Thanks for all the feedback guys.



*From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Andrew Wood
*Sent:* 01 March 2007 22:24
*To:* thin@xxxxxxxxxxxxx
*Subject:* [THIN] Re: Citrix Client v10



"The Citrix Presentation Server Client for Windows includes support for
making ICA connections through proxy servers. An implementation flaw in this
functionality may allow an attacker to execute arbitrary code in the context
of the client process."



Surely that's only going to run in the context of the user – so the major
worry there is what?



*From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Malcolm Bruton
*Sent:* 01 March 2007 16:20
*To:* thin@xxxxxxxxxxxxx
*Subject:* [THIN] Citrix Client v10



Anyone been brave enough yet for deployment?



http://support.citrix.com/article/CTX112589



Convenient that Citrix have released this article and asked to upgrade to
v10 to fix.....



Of which I already have our security team asking about upgrading



Malcolm
