Security Basics mailing list archives
RE: breakout of citrix
From: "Dubber, Drew B" <drew.dubber () eds com>
Date: Thu, 21 Oct 2004 22:22:22 +0100
Hi Can't say that I've come across this issue before but since the Office Suite is so scriptable its pretty easy to try to invoke an explorer session locally - might be what is happening here? Have a look on Google for group policies on hiding and restricting drives, and also restricting direct access to the command shell. There are all standard GPO template settings in Win2k/3 that can be used to prevent the user seeing or accessing drive letters. Again, I'll whisper that you can lock down exe's with ACLs and use a Software Restriction Policy (or go one better with Appsense) to make your SBC environment more watertight. OOO, as someone else asked, what version of Citrix and Word are you using? Kind Regards Drew -----Original Message----- From: Kenzo [mailto:kenzo_chin () hotmail com] Sent: 19 October 2004 17:51 To: security-basics () securityfocus com Subject: breakout of citrix I was wondering if anyone has seen this and if there is a fix for this. basically this is what's happening. We have a test citrix environment serving couple apps. The clients can either connect using the windows ica client or thru a WYSE terminal. In both case the same thing happens. One particular app that we provide is MS word. I discovered that if you insert a link into the work document such as "c:\" and click on it. Citrix freaks out, then gives you the desktop of the citrix server.
From there you can do access what ever programs you want.
Any ideas on how to fix this?? Thanks.
Current thread:
- breakout of citrix Kenzo (Oct 20)
- Re: breakout of citrix Martin Mewes (Oct 21)
- <Possible follow-ups>
- RE: breakout of citrix Depp, Dennis M. (Oct 21)
- RE: breakout of citrix Nathaniel Hall (Oct 21)
- RE: breakout of citrix Seth Hall (Oct 22)
- RE: breakout of citrix Nathaniel Hall (Oct 21)
- RE: breakout of citrix Rob Wallace (Oct 21)
- Re: breakout of citrix Martin Mewes (Oct 21)
- RE: breakout of citrix Dubber, Drew B (Oct 21)
- Re: breakout of citrix Kenzo (Oct 22)
- FW: breakout of citrix Carolyn Ryll (Oct 22)