RE: Citrix Client Access Verification

From: Robert Collins (robert.collinsat_private)
Date: Sun Sep 23 2001 - 19:57:11 PDT

Next message: Franklin DeMatto: "static dll's for windows buffer overflows"

Previous message: sween: "Citrix Client Access Verification"
Maybe in reply to: sween: "Citrix Client Access Verification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: sween [mailto:sweenat_private]
>
> Your professional opinions are appreciated.
> 
> About a month ago I had posted the below as a Citrix Client Access
> Advisory and got several responses to the fact that it either 
> it was not a
> valid vulnerabilty or that it was a default configuration problem.  
> which may be true.
> 
> but consider this.  The "only allow users to launch published
> applications" checkbox only works in an environment when you are only
> serving published applications and not in an environment where you are
> serving desktops AND applications.  You can visually tell by the

This is not correct. You can server desktops _as_ published applications
simply by serving "explorer.exe". Then you can turn on the checkbox for
"only allow users to launch published applications". IMO that does make
this a purely configuration issue.

Rob

Next message: Franklin DeMatto: "static dll's for windows buffer overflows"
Previous message: sween: "Citrix Client Access Verification"
Maybe in reply to: sween: "Citrix Client Access Verification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Sep 23 2001 - 19:56:05 PDT