Re: Hoax Exploit

From: Tom Fischer (Tom.Fischerat_private-stuttgart.de)
Date: Mon Jul 29 2002 - 12:15:40 PDT

Next message: VanDyke Technical Support: "Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta"

Previous message: Jim Paris: "Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta"
In reply to: John Korsak: "Hoax Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On Mon, Jul 29, 2002 at 11:39:55AM -0400, John Korsak wrote:
> We have been unable to duplicate the problem and the code attached to the
> above message is unknown in nature.  We suspect that the "patch" released in
> the message is actually designed to open a vulnerability.  At this time we
> are advising our users that this advisory is a hoax and to not apply the
> patch.  I would like to request that the message be removed to prevent
> further confusion.  Thank you.
can't duplicate the remote code execution but the IMail Web Service (v.
7.11 - 2002.06.17.24) crashed cause of the GET request (DoS attack)

-- 
Tom Fischer                              Tom.Fischerat_private-stuttgart.de
RUS-CERT University of Stuttgart       Tel:+49 711 685-8076 / -5898 (fax)
Allmandring 30, D-70550 Stuttgart           http://cert.uni-stuttgart.de/

Next message: VanDyke Technical Support: "Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta"
Previous message: Jim Paris: "Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta"
In reply to: John Korsak: "Hoax Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 29 2002 - 19:23:40 PDT