RE: breakout of citrix

["Seth Hall" <shall () iotaengineering com>]

This from a reputable source:

"Tell them that they can avoid that problem by using an application like
appsec (res kit tool) or appsense application manager and restrict
explorer.exe from running (it is not required).

This is happening because by entering c:\ word invokes explorer (its
browsing), which can not be run in seamless mode (and will invoke a full
"desktop" when run, even in a non seamless session).  File security is
preserved even when this happens and a properly secured system will not
be impacted in the cases where this happens.  Anyone can browse the root
of c: (or m:) using file -> open, this can be averted by hiding the c
(or m:) drives using the registry (google it).

We run 150 applications for 6000 users, all with explorer.exe
unavailable.  If they need to make an explorer type window available for
file browsing, they can publish IE with the folders pane open
(iexplore.exe -e, I think google it).  This workaround is blessed
(advocated) by Citrix."

Hope that helps.

--Seth

-----Original Message-----
From: Nathaniel Hall [mailto:halln () otc edu] 
Sent: Thursday, October 21, 2004 12:02 PM
To: security-basics () securityfocus com
Subject: RE: breakout of citrix

I had the same breakout problem.  Luckily, I saw your e-mail in time for

a security audit we are beginning at the end of the month.  I will keep 
the list posted on how the issue is fixed.

Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln () otc edu
417-799-0552



Depp, Dennis M. wrote:

> Can you tell me what version of Citrix you are running and what version
> of the client?  I was unable to reproduce this with Metaframe
> Presentation Server 3.0 and the Java 8.0 client.  You might check the
> version of the Citrix client you are running.  The current Widnows
> version is 8.0.  My WYSE terminals shipped with version 7.1 of the ICA
> client.  There is a download available to upgrade to the version 8
> client.
>
> Dennis
>
>  
>
> > -----Original Message-----
> > From: Kenzo [mailto:kenzo_chin () hotmail com] 
> > Sent: Tuesday, October 19, 2004 12:51 PM
> > To: security-basics () securityfocus com
> > Subject: breakout of citrix
> >
> > I was wondering if anyone has seen this and if there is a fix 
> > for this.
> > basically this is what's happening.
> > We have a test citrix environment serving couple apps.
> > The clients can either connect using the windows ica client 
> > or thru a WYSE
> > terminal.
> > In both case the same thing happens.
> > One particular app that we provide is MS word.
> > I discovered that if you insert a link into the work document 
> > such as "c:\"
> > and click on it.
> > Citrix freaks out, then gives you the desktop of the citrix server.
> > From there you can do access what ever programs you want.
> >
> > Any ideas on how to fix this??
> >
> > Thanks.
> >
> >