[26270] in bugtraq
Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT
daemon@ATHENA.MIT.EDU (kelli burkinshaw)
Tue Jul 23 17:44:00 2002
Date: 23 Jul 2002 21:14:01 -0000
Message-ID: <20020723211401.7326.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: kelli burkinshaw <kelli.burkinshaw@vandyke.com>
To: bugtraq@securityfocus.com
In-Reply-To: <20020722200944.A6030@SirDrinkalot.rm-f.net>
Hello Kyuzo,
This is the first VanDyke Software has heard of the problem you
reported. We take these issues seriously--making fixes available
to our customers as soon as possible. We have identified the area
of code where the problem exists and will be posting fixes for both
SecureCRT 3.4 and 4.0 to our website (www.vandyke.com) as soon as
possible.
It should also be noted that this problem is specific to SSH1 and
does not happen when SSH2 is selected as the protocol from SecureCRT.
Thank you for bringing this to our attention. For future reports,
feel free to send them directly to VanDyke Software
(support@vandyke.com).
kelli burkinshaw
Product Director
VanDyke Software
