Penetration Testing mailing list archives

Re: [PEN-TEST] Citrix


From: Peter Van Epp <vanepp () SFU CA>
Date: Tue, 10 Oct 2000 08:44:58 -0700


On Mon, 9 Oct 2000, Beauregard, Claude Q wrote:

Has anyone done any penetration regarding Citrix and Internet access as
provided by the Citrix servers to internal network resources. Even though
they are now using 128bit encryption for the client the hole in the firewall
is there waiting to be exploited.

Can you elaborate what you see as a hole?

Hugo.


        While I'm not the original poster, I was (and to some extent still am)
looking at this as a way to get "web" access in to a secure network. My
concern is that, as I feared, the link between the client and server is apparently
a full service link (i.e. it allows drive mounting from the server by the
client for instance). The application I'm interested in (and which sounds like
what this person is doing) is to have the server out on the net, subject to
being broken into like all NT devices but having nothing except video commands
going in and key strokes coming out from the secure network. Thus a break-in
on the server doesn't compromise the internal secure network (as long as
confidential data is kept off of the Citrix server at least). The attacker can
draw obscene images on a single screen inside the secure network, but likely
(modulo bugs in the video drawing routines on the client side of course) can't
take over the client machine and compromise the internal network. It looks to me
from what little I have found out about the Citrix protocol that you would
need an application proxy type firewall to filter out all protocol elements
other than screen draw commands in and key strokes out before you could do
this safely. With things like file system mounting possible I expect that a
compromise of the server could also result in a compromise of the secure network
that the client is part of by subverting the client.
        This of course may not be possible if the protocol gets unhappy
about not being able to talk to the client except with video drawing commands.

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
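
An added illustration, not part of the original post, of the direction-aware, default-deny filtering that an application proxy of the kind described above would perform. The framing (1-byte type, 2-byte length) and the message type names are constructed for this sketch and are not the Citrix wire format.

```python
import struct

# Constructed message types for a toy framing; NOT the real Citrix protocol.
SCREEN_DRAW, KEYSTROKE, DRIVE_MAP, CLIPBOARD = 0x01, 0x02, 0x03, 0x04

# Default deny: one permitted type per direction, everything else is dropped.
ALLOWED = {
    "in": {SCREEN_DRAW},   # server -> client inside the secure network
    "out": {KEYSTROKE},    # client -> server on the outside
}
MAX_PAYLOAD = 4096  # bound frame size so a hostile peer cannot exhaust memory


def frame(msg_type, payload):
    """Build one toy frame: 1-byte type, 2-byte big-endian length, payload."""
    return struct.pack(">BH", msg_type, len(payload)) + payload


def filter_stream(data, direction):
    """Return (bytes to forward, list of dropped message types).

    Raises ValueError on a malformed stream so the caller can tear the
    session down instead of forwarding bytes it could not parse.
    """
    allowed = ALLOWED[direction]
    forwarded, dropped, pos = bytearray(), [], 0
    while pos < len(data):
        if len(data) - pos < 3:
            raise ValueError("truncated header")
        msg_type, length = struct.unpack_from(">BH", data, pos)
        end = pos + 3 + length
        if length > MAX_PAYLOAD or end > len(data):
            raise ValueError("bad frame length")
        if msg_type in allowed:
            forwarded += data[pos:end]
        else:
            dropped.append(msg_type)  # record for logging/alerting
        pos = end
    return bytes(forwarded), dropped


# Constructed sample: a compromised server mixes a drive-mount request
# into the screen updates it sends toward the inside client.
inbound = (frame(SCREEN_DRAW, b"rect") + frame(DRIVE_MAP, b"C:")
           + frame(SCREEN_DRAW, b"blit"))
```

Whether a real session survives having every non-display message dropped is the open question the post ends on; this sketch only shows the filtering decision.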

