Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta

From: VanDyke Technical Support (supportat_private)
Date: Mon Jul 29 2002 - 09:35:47 PDT


    
    In-Reply-To: <JIEPJGFPFMFIGBNCPKGGGEJHCLAA.bstrauss3at_private>
    
    We have released versions of SecureCRT that address this 
    vulnerability.  This fix is available for ALL of our licensed 
    customers without charge.  VanDyke Software recommends that all
    users of SecureCRT upgrade immediately to the available versions.
    Updated installers are available on our website:
    
    Users who purchased SecureCRT licenses before January 1, 2000 
    (including users of SecureCRT 2.x) should upgrade to SecureCRT 
    3.2.2:
    
        http://www.vandyke.com/download/securecrt/3.2/index.html
    
    Users who purchased SecureCRT licenses before July 1, 2000 
    should upgrade to SecureCRT 3.3.4:
    
        http://www.vandyke.com/download/securecrt/3.3/index.html
    
    Users who purchased licenses on or after June 1, 20001 should 
    upgrade to SecureCRT 3.4.6 or SecureCRT 4.0 beta 3.
    
    SecureCRT 3.4.6:
    
        http://www.vandyke.com/download/securecrt/index.html
    
    SecureCRT 4.0 beta 3:
    
        http://www.vandyke.com/download/securecrt/beta.html
    
    
    For more information about this vulnerability and VanDyke
    Software's response to it, please visit our Security Advisory
    page:
    
        http://www.vandyke.com/products/securecrt/security07-25-02.html
    
    If there are any questions related to these releases, please 
    send email to supportat_private
    
    -Daniel Prevett
     VanDyke Software Technical Support
     supportat_private
     http://www.vandyke.com
    
    >You know, that's only partially a solution.  For those of us who haven't
    >chosen to PAY for the upgrade to 3.4, we're left out in the cold.  Quoting
    >from VanDyke's web page:
    >
    >"All users may evaluate SecureCRT 3.4 for 30 days free of charge.  Registered
    >users who purchased licenses before July 1, 2000 should consult the Upgrade
    >Eligibility page to learn about licensing the 3.4 upgrade."
    >
    >and
    >
    >"SecureCRT Upgrade
    >
    >Registered users who purchased licenses before July 1, 2001 may choose to
    >purchase SecureCRT upgrades starting at $39.95 for a single copy.
    >
    ><snip />
    >
    >SecureCRT users who purchased licenses between January 1 and July 1, 2000
    >are eligible to download SecureCRT 3.3.3 and upgrade without charge.
    >SecureCRT users who purchased licenses before January 1, 2000 are eligible
    >to download SecureCRT 3.2.1 and upgrade without charge."
    >
    >
    >I'm not unsympathetic to the need to have a licensing revenue stream, but
    >let's remember that this leaves (dozens? hundreds? thousands? Just me) of
    >your customers unprotected.
    >
    >-----Burton
    


