Securecrt 6.1.25/4/2023

Or SecureCRT their default Telnet client. CERT Vulnerability Note - Double-free errors may allow unauthenticated Vulnerability is only applicable to users who have made CRT Privileges of the user running CRT or SecureCRT. Of arbitrary commands via a malicious logon script with the CRT™ and SecureCRT 4.0 and 4.1 allow an arbitrary configuration folder to be specified to command-line option. Secunia Advisory - SecureCRT Arbitrary Configuration Folder SecureCRT 4.1 or newer provides a fix for SSH2 connections. SecureCRT 4.0.9 and earlier may be vulnerable when SSH2 is used. This causes the client application to crash. Through the hostname field may trigger this vulnerability. It is reported that supplying an excessive SecureCRT is reported prone to a remote denial of VShell version 2.3.6 will ensure that when a host key is automatically generated, the permissions on the host key file will be set such that only SYSTEM and members of the Administrators group will have access rights. Potentially allowing access to authenticated users. In VShell versions 2.3.5 and earlier for Windows, when a host key is automatically created by VShell, the host key file inherits the permissions of its parent directory, Unicode string was converted to a narrow string. Overflow was theoretically possible when a SecureFX versions 3.0 through 3.0.4, a buffer In SecureCRT versions 5.0 through 5.0.4 and Version 2.6.2 and earlier for Windows, Red Hat Linux, HP-UX, AIX, and Solaris are potentially vulnerable to this attack. SecureCRT® version 5.2.1 and earlier, SecureFX® version 4.0.1 and earlier, and VShell® When the RSA key has a public exponent of three. It is theoretically possible for an attacker to forge RSA signatures Then regenerate cryptographic key material as described in the advisory. Is recommended that you upgrade your Debian- and Ubuntu-based systems and Not Applicable to VanDyke Software products.
With the Debian GNU/Linux, Ubuntu, and other Debian-based operating systems. The random number generator used by the OpenSSL package included VShell® version 3.5.1 and earlier, SecureCRT® version 6.1.2 and earlier, SecureFX® version 6.1.2 and earlier, and VanDyke ClientPack 6.1.2 and earlier are potentially vulnerable to this attack. Debian has released a security advisory describing a vulnerability in VShell FTPS and the OpenSSL Heartbleed Vulnerability Dual_EC_DRBG and Extended Random (ER) algorithms not used in CPNI has released a security advisory describing a vulnerability in SSH that allows an attacker with control over the network to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. Impact of the OpenSSL Heartbleed Vulnerability on SecureCRT, SecureFX, and the VanDyke ClientPack VShell does not set the environment variable necessary for the exploit to be possible. The GNU Bourne-Again Shell (Bash) 'Shellshock' vulnerability is not applicable to VShell.

VanDyke Software products and the POODLE attack (SSL 3.0 Vulnerability)
GHOST gethostbyname() Heap Overflow in glibc (CVE-2015-0235)
VanDyke Software SecureCRT/SecureFX saved session password recovery
Impact of the Python 2.7.9 CVE-2016-5699 vulnerability in SecureCRT
VanDyke Software VShell Enterprise Edition with HTTPS directory traversal vulnerability
VanDyke Software SecureCRT memory corruption vulnerability (CVE-2020-12651)
The Log4j vulnerability is not applicable to VanDyke Software products. VanDyke Software products do not use Java and do not use the Apache Log4j library.
VanDyke Software VShell for Windows Virtual Roots SFTP Directory Traversal
VanDyke Software VShell for Windows Remote Execution via Triggers
RSA BSAFE Crypto-C Micro Edition vulnerabilities (CVE-2019-3728 and CVE-2019-3733) and VanDyke VShell Server for Windows
RSA BSAFE Crypto-C Micro Edition vulnerabilities (CVE-2019-3728 and CVE-2019-3733) and VanDyke Client Products for Windows
VanDyke Software VShell saved data vulnerable to brute-force attack
VanDyke Software SecureCRT and SecureFX saved data vulnerable to brute-force attack

When a vulnerability is found to affect one or more of our products, we make every effort to provide a fix as quickly as possible and alert our customers using our website and our product announcement lists. VanDyke Software works closely with security investigators and researchers at CERT and other organizations to evaluate announced vulnerabilities and determine whether they impact our products. Addressing vulnerabilities in a timely fashion is part of our commitment to providing responsive support to our customers.