[THIN] Re: [Fwd: *Sintelli Alert* SID-2004-1023 (Risk 7.6): Citrix MetaFrame ICA Connection Client Drive Access Vulnerability]

  • From: "Schill, Mark" <Mark.Schill@xxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Fri, 30 Apr 2004 14:14:43 -0500

It just states that versions prior to 3.0 are affected. It didn't
suggest that you upgrade.

Mark E. Schill, CCA
BellSouth Technology Group
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Ryan Lambert
Sent: Friday, April 30, 2004 2:34 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: [Fwd: *Sintelli Alert* SID-2004-1023 (Risk 7.6):
Citrix MetaFrame ICA Connection Client Drive Access Vulnerability]

I did see that, Jim.

I just thought suggesting an upgrade to 3.0 was a bit lame and
Microsoft-ish. :p

-----Original Message-----
From: Jim Kenzig http://thin.net [mailto:jimkenz@xxxxxxxxxxxxxx]
Sent: Friday, April 30, 2004 2:23 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: [Fwd: *Sintelli Alert* SID-2004-1023 (Risk 7.6):
Citrix MetaFrame ICA Connection Client Drive Access Vulnerability]

Let's just stop the Citrix bashing right now... had you guys taken one
second and gone to the link at the Citrix site you would SEE that there
are hotfixes available for all versions.
http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118
JK


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Ryan Lambert
Sent: Friday, April 30, 2004 2:10 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: [Fwd: *Sintelli Alert* SID-2004-1023 (Risk 7.6):
Citrix MetaFrame ICA Connection Client Drive Access Vulnerability]


Ok.

So let's see.

Risk if:

#1 - User is authenticated as an Administrator.
#2 - User has "specially crafted" a program to target my/any ICA
sessions.

Gee whiz. I think it's safe to say you're toast already.

I think I'll go upgrade to Metaframe 3.0 right now...... so that way
when a malicious user authenticates as Administrator, they can still own
me. What I'm particularly curious about is how Metaframe 3.0 "fixes"
this "problem".

How incredibly lame on Citrix's part.

-----Original Message-----
From: Rob Beekmans [mailto:robbeekmans@xxxxxxxxxxxxx]
Sent: Friday, April 30, 2004 1:57 PM
To: thin@xxxxxxxxxxxxx
S
********************************************************
This week's sponsor - Emergent Online
Emergent delivers end-to-end solutions for private and public sector
clients. From centralized application management, business continuity,
outsourcing, to application development, security, and messaging
solutions.
http://www.go-eol.com/index.asp
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm


*****
"The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential, proprietary,
and/or privileged material.  Any review, retransmission, dissemination
or other use of, or taking of any action in reliance upon, this
information by persons or entities other than the intended recipient is
prohibited.  If you received this in error, please contact the sender
and delete the material from all computers."
