Vulnerability Development mailing list archives

RE: Citrix Client Access Verification

From: "Robert Collins" <robert.collins () itdomain com au>
Date: Mon, 24 Sep 2001 12:57:11 +1000

-----Original Message-----
From: sween [mailto:sween () modelm org]

Your professional opinions are appreciated.

About a month ago I had posted the below as a Citrix Client Access
Advisory and got several responses to the fact that it either 
it was not a
valid vulnerabilty or that it was a default configuration problem.  
which may be true.

but consider this.  The "only allow users to launch published
applications" checkbox only works in an environment when you are only
serving published applications and not in an environment where you are
serving desktops AND applications.  You can visually tell by the


This is not correct. You can server desktops _as_ published applications
simply by serving "explorer.exe". Then you can turn on the checkbox for
"only allow users to launch published applications". IMO that does make
this a purely configuration issue.

Rob

Current thread:

Citrix Client Access Verification sween (Sep 23)
- <Possible follow-ups>
- RE: Citrix Client Access Verification Robert Collins (Sep 23)