Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta

From: Bela Lubkin (belalat_private)
Date: Sat Jul 27 2002 - 22:25:16 PDT

Next message: Bela Lubkin: "Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta"

Previous message: Bela Lubkin: "Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta"
In reply to: Bela Lubkin: "Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta"
Next in thread: Russell Harding: "Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I wrote:

> One of the README files on their site (I read it earlier today and
> didn't note the URL) says that a patched 3.2.1 version will be made
> available shortly.  They are not leaving you out in the cold.  You just
> need to wait a couple of days before resuming your practice of ssh'ing
> in to untrusted sites.

That URL was:

  http://www.vandyke.com/products/securecrt/security07-25-02.html

It's been revised since the quoted message -- it now shows availability
of SecureCRT 3.2.2, fixing this hole for holders of the oldest class of
SecureCRT license key.

>Bela<

Next message: Bela Lubkin: "Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta"
Previous message: Bela Lubkin: "Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta"
In reply to: Bela Lubkin: "Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta"
Next in thread: Russell Harding: "Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jul 28 2002 - 00:05:32 PDT