Hi,
We're running Metaframe XP for Windows 1.0, Feature Release 2. A vulnerability - Citrix Published Applications Remote Enumeration - has been raised by the site Security Manager. Following a link supplied by the security scanner used (Nessus) to http://archives.neohapsis.com/archives/bugtraq/2002-09/0330.html, I received and followed advice to " Disable MetaFrame XP server broadcast response. CMC | Right-click on farm | MetaFrame Settings tab | Uncheck the two boxes in the "Broadcast Response" section."
This has not cleared the problem. Is there anything else I should / could do? In particular, may use of TCP/IP Network protocol rather than TCP/IP + HTTP be contributing to our difficulties?
I'd be extremely grateful for any help with this.
Cheers
Charles
The original problem was discovered by PDP at:
http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/
And gives you some info regarding the issue, Citrix released this patch:
http://support.citrix.com/article/CTX115245
But not for XP, looks like you get to go XenApp 5 Yippee
--Emil
Thanks Emil,
I think those are the answers needed; yet again my manager prefers to stand upwind of me