CITRIX & Microsoft Windows Terminal Services False IP Address Vulnerability

From: Pedro Quintanilha (PQuintanilha@abril.com.br)
Date: 11/21/01


Subject: CITRIX & Microsoft Windows Terminal Services False IP Address Vulnerability
Date: Wed, 21 Nov 2001 09:43:52 -0200
Message-ID: <50CD784089E8B04A8F57C51AB16C93D71A7D7F@EXNEA01.gabril.com.br>
From: "Pedro Quintanilha" <PQuintanilha@abril.com.br>
To: <vuldb@securityfocus.com>


Like MS Terminal Services, CITRIX Metaframe 1.8 (and other versions, I
suppose) also only logs the IP informed by the client.

The log, made on Windows NT Event Log, looks like this:

========================================================================
Time: Wed Nov 21 09:37:00 2001
User: MARCUS Agent: metaframe2
Source: Security ID: 528 Type: Success Audit
Successful Logon:
        User Name: MARCUS
        Domain: NTDOMAIN
        Logon ID: (0x2,0x2959446E)
        Logon Type: 2
        Logon Process: User32
        Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
        Workstation Name: WTS2
        WinStation: ICA-tcp#245
        Session ID: 245
        Client Name: STATION2
        Client Address: 192.168.0.44
========================================================================

In an incident investigation this is a problem for tracing back the
suspects.

_________________________________
Pedro Quintanilha
Segurança da Informação
Editora Abril s/a
+55-11-3037-4297
pquintanilha@abril.com.br
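
An investigator's cross-check for the logging gap described above, as an added example that is not part of the original post: it parses a record in the quoted Event 528 layout and compares the client-reported Client Address with source addresses recorded by a network device. The CONNECTIONS sample is constructed, and the ICA port (1494), the 120-second window and a shared clock between the two logs are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Subset of the Event 528 record quoted in the post (values copied from it).
EVENT_528 = """\
Time: Wed Nov 21 09:37:00 2001
Successful Logon:
        User Name: MARCUS
        WinStation: ICA-tcp#245
        Session ID: 245
        Client Name: STATION2
        Client Address: 192.168.0.44
"""

# Constructed sample of a firewall/flow log for the server:
# (connection time, source IP seen on the wire, destination port).
CONNECTIONS = [
    ("2001-11-21 09:12:10", "192.168.0.44", 1494),
    ("2001-11-21 09:36:58", "10.20.30.40", 1494),
]

def parse_event(text):
    """Return the logon time and the indented 'Name: value' fields."""
    when = re.search(r"^Time:\s*(.+)$", text, re.M).group(1).strip()
    fields = dict(re.findall(r"^[ \t]+([A-Za-z ]+):[ \t]*(.*)$", text, re.M))
    fields["Time"] = datetime.strptime(when, "%a %b %d %H:%M:%S %Y")
    return fields

def check_client_address(event, connections, port=1494, window_s=120):
    """Compare the client-reported address with sources seen on the network.

    port 1494 (ICA) and the 120 s window are assumptions of this example;
    both logs are assumed to use the same clock.
    """
    logon = event["Time"]
    window = timedelta(seconds=window_s)
    observed = []
    for ts, src, dport in connections:
        seen = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        # Keep only connections to the service port shortly before the logon.
        if dport == port and timedelta(0) <= logon - seen <= window:
            observed.append(src)
    claimed = event["Client Address"]
    return {"claimed": claimed, "observed": observed,
            "corroborated": claimed in observed}

if __name__ == "__main__":
    print(check_client_address(parse_event(EVENT_528), CONNECTIONS))
```

An uncorroborated result means the logged address should not be relied on alone; the network-observed sources are the ones to follow up.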


