Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta

From: Jim Paris (jimat_private)
Date: Sun Jul 28 2002 - 03:14:55 PDT


    > Thanks (and to Jim Paris).
    > 
    > I of course did not mean that it was OK for the client to have code
    > injection "portholes".  I just meant that the particular exploit path
    > that was described wasn't very interesting since someone who maliciously
    > controls the sshd to which you are speaking has so many other
    > opportunities to exploit you.
    
    Once again, you're wrong.  "The particular exploit path that was
    described" does _not_ require that someone can control the sshd to
    which you're speaking -- it only requires that someone can control
    your TCP/IP traffic.  There's a very big difference there.  Obviously,
    the security of your TCP/IP traffic is solved with host key
    verification and cryptography.  But this bug in SecureCRT happens way,
    way before any of that takes place.
    
    -jim
    


