OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Robert Dennis (rdennisALPHAPROTECH.COM)
Date: Wed Apr 10 2002 - 18:56:38 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I found this same this same problem with Citrix XP, running NFuse v1.5.

    Environment

    --Citrix Metaframe XP Server Farm accessed via Published Applications
    --Citrix NFuse web server serving the access to the Published Applications
    through IIS 5.0 on Windows 2000
    --After installing the Security Rollup Package, users were able to login
    through Citrix NFuse login screen, but when the list of apps were to appear,
    a message stating "There was an error generating the app list: An error
    occurred while encoding a .GIF file. Pleae make sure that the path exists
    and the appropriate user account has sufficient permission to write and
    delete files"

    It turns out that the Security Rollup package turns off write access to
    wwwroot (and all subfolders) for all users except certain privileged groups.
    Regular users do not have access to write to your web directories (a good
    thing) however, this setting is recursive, and, as in this case, directories
    that are used as temp directories are not accessible to the user.

    To resolve this issue, I audited file access on the IIS server and found a
    Citrix directory, under the root web, that the Citrix user needs full write
    and delete privileges to render the web pages that Citrix NFuse works with.

    I do not know if this is similar, but I did find this through a test
    environment, and probably shows, yet again, why ALL patches and updates need
    be run through a test environment before going live.

    Regards,

    Robert Dennis
    Network Admin
    Alpha Pro Tech
    ph 905 479-0654 x233
    fax 905 479-9732

    -----Original Message-----
    From: Philip Walley [mailto:philip.walleyCONSULTRIX.NET]
    Sent: Tuesday, April 09, 2002 10:27 AM
    To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
    Subject: Win2K security roll out package and citrix xp

    FYI...

    I recently cam across a situation with the security roll out package. It
    seems that installing this update on a Citrix XP server will cause
    authentication to fail for all users except admin. While I do not know
    the specifics of what occurs, users will be told that "the login
    credentials supplied are incorrect, please make sure caps lock is not
    on. Etc."

    I contacted Citrix to learn that they are aware of this authentication
    issue and was supplied a hotfix by them. I did have to install the
    hotfix ( in install mode) a couple of times before it actually worked on
    the servers.

    Philip D. Walley
    Network Consultant
    Consultrix Technologies
    Phone: 601-956-8909 ext. 305
    Fax: 601-956-8409