Bugtraq mailing list archives
Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta
From: Bela Lubkin <belal () caldera com>
Date: Sat, 27 Jul 2002 22:22:54 -0700
Russell Harding wrote:
> Of course it matters if the client has code-injection 'portholes' as you call them. Someone may be using nasty tricks through ARP, DNS, or even manipulating routing tables, such that you are not actually connecting to a host you trust. This is why ssh implements host keys, so you can verify the authenticity of the remote host. However, in the case described above, with SecureCRT, your machine would already be compromised before host key verification took place.
Thanks (and to Jim Paris). I of course did not mean that it was OK for the client to have code injection "portholes". I just meant that the particular exploit path that was described wasn't very interesting since someone who maliciously controls the sshd to which you are speaking has so many other opportunities to exploit you.
Bela<