Bugtraq mailing list archives
Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta
From: VanDyke Technical Support <support () vandyke com>
Date: 29 Jul 2002 16:35:47 -0000
In-Reply-To: <JIEPJGFPFMFIGBNCPKGGGEJHCLAA.bstrauss3 () attbi com>
We have released versions of SecureCRT that address this
vulnerability. This fix is available for ALL of our licensed
customers without charge. VanDyke Software recommends that all
users of SecureCRT upgrade immediately to the available versions.
Updated installers are available on our website:
Users who purchased SecureCRT licenses before January 1, 2000
(including users of SecureCRT 2.x) should upgrade to SecureCRT
3.2.2:
http://www.vandyke.com/download/securecrt/3.2/index.html
Users who purchased SecureCRT licenses before July 1, 2000
should upgrade to SecureCRT 3.3.4:
http://www.vandyke.com/download/securecrt/3.3/index.html
Users who purchased licenses on or after June 1, 20001 should
upgrade to SecureCRT 3.4.6 or SecureCRT 4.0 beta 3.
SecureCRT 3.4.6:
http://www.vandyke.com/download/securecrt/index.html
SecureCRT 4.0 beta 3:
http://www.vandyke.com/download/securecrt/beta.html
For more information about this vulnerability and VanDyke
Software's response to it, please visit our Security Advisory
page:
http://www.vandyke.com/products/securecrt/security07-25-02.html
If there are any questions related to these releases, please
send email to support () vandyke com.
-Daniel Prevett
VanDyke Software Technical Support
support () vandyke com
http://www.vandyke.com
You know, that's only partially a solution. For those of us who haven't chosen to PAY for the upgrade to 3.4, we're left out in the cold.
Quoting
from VanDyke's web page: "All users may evaluate SecureCRT 3.4 for 30 days free of charge.
Registered
users who purchased licenses before July 1, 2000 should consult the
Upgrade
Eligibility page to learn about licensing the 3.4 upgrade." and "SecureCRT Upgrade Registered users who purchased licenses before July 1, 2001 may choose to purchase SecureCRT upgrades starting at $39.95 for a single copy. <snip /> SecureCRT users who purchased licenses between January 1 and July 1, 2000 are eligible to download SecureCRT 3.3.3 and upgrade without charge. SecureCRT users who purchased licenses before January 1, 2000 are
eligible
to download SecureCRT 3.2.1 and upgrade without charge." I'm not unsympathetic to the need to have a licensing revenue stream, but let's remember that this leaves (dozens? hundreds? thousands? Just me) of your customers unprotected. -----Burton
Current thread:
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta kelli burkinshaw (Jul 23)
- <Possible follow-ups>
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta kelli burkinshaw (Jul 25)
- RE: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Burton M. Strauss III (Jul 26)
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Bela Lubkin (Jul 27)
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Bela Lubkin (Jul 28)
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Russell Harding (Jul 28)
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Bela Lubkin (Jul 28)
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Jim Paris (Jul 29)
- RE: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Burton M. Strauss III (Jul 26)