[THIN] Re: MetaFrame Conferencing Manager vulnerability

  • From: Rob Slayden <rslayden@xxxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Tue, 22 Mar 2005 09:51:12 -0800

The other lame restriction of the product is number of users. You are
limited to what you can get on a single server, estimated to be about 100
users or so. That shut it down for us as we were looking for a methodology
to support 300+ users. Haven't even looked back. At this point, I am not
interested in even considering a Citrix solution as we hope to migrate off
of Citrix and onto a "pure" Terminal Server environment as soon as we get
all the details worked out AND can demonstrate a business case.
 
rob

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Chris Grecsek
Sent: Tuesday, March 22, 2005 12:20 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: MetaFrame Conferencing Manager vulnerability



Talking about conferencing manager...I recent set this up to test it out and
was shocked to find out I couldn't conference/share a published desktop. How
lame is that?! Citrix had a post in their forum of some backwards way of
share a desktop session and they even mentioned that that was done by
design. WHY?! Probably not going to use the product now unless someone
offers a better solution than what the forum suggested...any advice?

  

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Rob Slayden
Sent: Monday, March 21, 2005 10:01 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] MetaFrame Conferencing Manager vulnerability

 

Excerpt from: 
SecurityTracker Monday Morning Vulnerability Summary - Mar 21 2005
<http://www.securitytracker.com> http://www.securitytracker.com 

 

14. MetaFrame Conferencing Manager 
  
    Vendor: Citrix 
  
    A vulnerability was reported in Citrix MetaFrame Conferencing 
    Manager.  A remote user may be able to obtain control of a 
    conference.description00:A vulnerability exists in Citrix MetaFrame 
    Conferencing Manager.  A remote user may be able to obtain control 
    of a conference. 
  
    Impact: User access via network 
  
    Alert:  <http://securitytracker.com/alerts/2005/Mar/1013457.html>
http://securitytracker.com/alerts/2005/Mar/1013457.html 
  
The vendor reported this vulnerability.
Impact: A remote user may be granted keyboard and mouse control of a
conference.
Solution: The vendor has issued Hotfix MCM300W012, described at:

 <http://support.citrix.com/kb/entry.jspa?externalID=CTX105574>
http://support.citrix.com/kb/entry.jspa?externalID=CTX105574

Other related posts:

  1. Home
  2. thin
  3. Archive
  4. 03-2005