[26365] in bugtraq
Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta
daemon@ATHENA.MIT.EDU (Bela Lubkin)
Sun Jul 28 03:09:26 2002
Date: Sat, 27 Jul 2002 22:25:16 -0700
From: Bela Lubkin <belal@caldera.com>
To: bugtraq@securityfocus.com
Message-ID: <20020727222516.B7856@mammoth.ca.caldera.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020726154110.A7856@mammoth.ca.caldera.com>; from belal@caldera.com on Fri, Jul 26, 2002 at 03:41:10PM -0700
I wrote:
> One of the README files on their site (I read it earlier today and
> didn't note the URL) says that a patched 3.2.1 version will be made
> available shortly. They are not leaving you out in the cold. You just
> need to wait a couple of days before resuming your practice of ssh'ing
> in to untrusted sites.
That URL was:
http://www.vandyke.com/products/securecrt/security07-25-02.html
It's been revised since the quoted message -- it now shows availability
of SecureCRT 3.2.2, fixing this hole for holders of the oldest class of
SecureCRT license key.
>Bela<
