US-CERT Vulnerability Notes Database

VanDyke Software Information for VU#973635

Date Notified: 2005-07-25
Date Updated:
Statement Date:
Status Summary: Vulnerable

Vendor Statement

Description:

In VShell versions 2.3.5 and earlier for Windows, when a host key is automatically created by VShell, the host key file inherits the permissions of its parent directory, potentially allowing access to authenticated users.

Affected Product Versions:

- VShell for Windows, version 2.3.5 and earlier.

Solution:

VShell version 2.3.6 will ensure that when a host key is automatically generated, the permissions on the host key file will be set such that only SYSTEM and members of the Administrators group will have access rights.

VShell users with existing host key files can correct the permissions by modifying the Access Control List for the private host key file such that only SYSTEM and Administrators have access.

By default, the private host key file is created as:
  C:\Program Files\VShell\hostkey

Note: If you have configured VShell to run as a user other than SYSTEM, you will need to allow this user access to the host key file.
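
One way to carry out the ACL correction described above, as an added PowerShell example (not code from VanDyke or US-CERT). The parameter names are hypothetical, and granting FullControl to SYSTEM and Administrators and Read to a non-SYSTEM service account is an assumption about which rights each principal needs.

```powershell
# Added example: audit, and optionally tighten, the DACL on the VShell private host key.
param(
    [string]$HostKeyPath = 'C:\Program Files\VShell\hostkey',  # default path given in the advisory
    [string[]]$ServiceAccount = @(),  # assumption: only needed if VShell does not run as SYSTEM
    [switch]$Fix                      # without -Fix the script only reports
)
$sidType = [System.Security.Principal.SecurityIdentifier]

# Well-known SIDs: S-1-5-18 = SYSTEM, S-1-5-32-544 = BUILTIN\Administrators.
$full = @('S-1-5-18', 'S-1-5-32-544')
$read = @($ServiceAccount | ForEach-Object {
    ([System.Security.Principal.NTAccount]$_).Translate($sidType).Value
})
$allowed = $full + $read

# Audit: list every allow ACE (explicit or inherited) held by any other principal.
$acl = Get-Acl -LiteralPath $HostKeyPath
$unexpected = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $allowed -notcontains $_.IdentityReference.Value
})
foreach ($ace in $unexpected) {
    $who = $ace.IdentityReference.Value
    try { $who = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { }  # SID does not resolve to a name: report the raw SID
    '{0}: {1} (inherited: {2})' -f $who, $ace.FileSystemRights, $ace.IsInherited
}
if ($unexpected.Count -eq 0) { 'Host key ACL grants access only to the expected principals.' }

if ($Fix -and $unexpected.Count -gt 0) {
    # Replace the DACL with a fresh one: inheritance disabled, no inherited ACEs
    # copied over, and explicit entries for the allowed principals only.
    $new = New-Object System.Security.AccessControl.FileSecurity
    $new.SetAccessRuleProtection($true, $false)
    foreach ($sid in $full) {
        $id = New-Object System.Security.Principal.SecurityIdentifier $sid
        $new.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', 'Allow')))
    }
    foreach ($sid in $read) {
        $id = New-Object System.Security.Principal.SecurityIdentifier $sid
        $new.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'Read', 'Allow')))
    }
    Set-Acl -LiteralPath $HostKeyPath -AclObject $new
    'Host key ACL replaced.'
}
```

Run it from an elevated prompt, first without `-Fix` to review what is currently granted. Tightening the ACL does not help a key that was already readable by other users, which is why the Addendum below recommends creating a new host key.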

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Because the hostkey may have been compromised, we also suggest that you create a new hostkey for the system.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization