[26394] in bugtraq
Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta
daemon@ATHENA.MIT.EDU (Jim Paris)
Mon Jul 29 19:37:40 2002
Date: Sun, 28 Jul 2002 06:14:55 -0400
From: Jim Paris <jim@jtan.com>
To: Bela Lubkin <belal@caldera.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20020728061455.A14747@neurosis.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020727222254.A17136@mammoth.ca.caldera.com>; from belal@caldera.com on Sat, Jul 27, 2002 at 10:22:54PM -0700

> Thanks (and to Jim Paris).
>
> I of course did not mean that it was OK for the client to have code
> injection "portholes". I just meant that the particular exploit path
> that was described wasn't very interesting since someone who maliciously
> controls the sshd to which you are speaking has so many other
> opportunities to exploit you.

Once again, you're wrong. "The particular exploit path that was
described" does _not_ require that someone can control the sshd to
which you're speaking -- it only requires that someone can control
your TCP/IP traffic. There's a very big difference there. Obviously,
the security of your TCP/IP traffic is solved with host key
verification and cryptography. But this bug in SecureCRT happens way,
way before any of that takes place.
-jim
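
The point above, that a client parses peer data before host key verification can protect it, shown as an added example. This is not code from the thread or from VanDyke. It assumes the first such data is the server's cleartext identification line and takes the 255-byte line limit from RFC 4253; parse_ssh_ident and the sample banner are hypothetical names and constructed input.

```c
#include <stddef.h>
#include <string.h>

#define SSH_IDENT_MAX 255  /* RFC 4253 sec. 4.2: limit includes CR LF */

/* Parse the peer's cleartext identification line from untrusted bytes.
 * Returns 0 on success, -1 if no complete line arrives within the limit,
 * -2 if the line is malformed, -3 if a field does not fit its buffer. */
int parse_ssh_ident(const unsigned char *buf, size_t len,
                    char *proto, size_t proto_sz,
                    char *software, size_t sw_sz)
{
    size_t limit = len < SSH_IDENT_MAX ? len : SSH_IDENT_MAX;
    const unsigned char *nl = memchr(buf, '\n', limit);
    if (nl == NULL)
        return -1;                      /* oversized or truncated line */
    size_t n = (size_t)(nl - buf);
    if (n > 0 && buf[n - 1] == '\r')
        n--;                            /* strip optional CR */
    if (n < 4 || memcmp(buf, "SSH-", 4) != 0)
        return -2;
    for (size_t i = 0; i < n; i++)
        if (buf[i] < 0x20 || buf[i] > 0x7e)
            return -2;                  /* printable US-ASCII only */

    const unsigned char *p = buf + 4, *end = buf + n;
    const unsigned char *dash = memchr(p, '-', (size_t)(end - p));
    if (dash == NULL || dash == p)
        return -2;                      /* missing protocol version */
    const unsigned char *sw = dash + 1;
    const unsigned char *sp = memchr(sw, ' ', (size_t)(end - sw));
    size_t plen = (size_t)(dash - p);
    size_t slen = (size_t)((sp ? sp : end) - sw);
    if (slen == 0)
        return -2;                      /* missing software version */
    if (plen >= proto_sz || slen >= sw_sz)
        return -3;                      /* reject instead of overrunning */

    memcpy(proto, p, plen);     proto[plen] = '\0';
    memcpy(software, sw, slen); software[slen] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample banner, not captured traffic. */
    static const unsigned char banner[] = "SSH-2.0-Example_1.0\r\n";
    char pv[8], sv[64];
    return parse_ssh_ident(banner, sizeof banner - 1, pv, sizeof pv, sv, sizeof sv);
}
```

Every byte this function sees can come from anyone able to alter the TCP stream, so each length is checked against the destination buffer before any copy.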