VanDyke Software

Security Advisory

Security Advisory — VShell® 2.x

 

In VShell versions 2.3.5 and earlier for Windows, when a host key is automatically created by VShell, the host key file inherits the permissions of its parent directory, potentially allowing authenticated users to access it.


Posted: August 16, 2005

Description

Secure Shell provides remote, encrypted terminal access to hosts. Some Secure Shell servers running on Microsoft Windows (including VShell prior to version 2.3.6) set nonsecure permissions on the file storing the private Secure Shell server host key. This could allow an authenticated user to obtain the Secure Shell host key and use it to impersonate the server.

If an attacker copies the private host key of a server, they can configure another server with the same private key as the legitimate server. Such a server would appear valid to clients if another attack, such as DNS hijacking, was used to trick the client into connecting to the attacker's server.
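To check a host key file for the condition described above, the following PowerShell audit lists any access entry that lets a principal other than SYSTEM or the local Administrators group read or alter the file, and reports whether the file inherits entries from its parent directory. This is an added example, not VanDyke's code. The path is a placeholder because the advisory does not give the file's location, and the trusted-principal list is an assumption.

```powershell
# Added example: audit the ACL of a Secure Shell host key file on Windows.
param(
    # Placeholder: set this to the real private host key file.
    [string]$HostKeyPath = 'C:\path\to\hostkey'
)

# Assumption: only these principals need access to the private host key.
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Rights that expose the key material or allow it to be replaced.
$RiskyRights = [System.Security.AccessControl.FileSystemRights]`
    'ReadData, WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

$acl = Get-Acl -LiteralPath $HostKeyPath

# Request rules as SIDs so orphaned or renamed accounts still compare correctly.
$rules = $acl.GetAccessRules($true, $true,
    [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($ace in $rules) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
    if (($ace.FileSystemRights -band $RiskyRights) -eq 0) { continue }
    [pscustomobject]@{
        Sid       = $ace.IdentityReference.Value
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited   # True when the ACE came from the parent directory
    }
}

if ($findings) {
    Write-Warning "Host key is accessible to principals outside the trusted list:"
    $findings | Format-Table -AutoSize
    if (-not $acl.AreAccessRulesProtected) {
        Write-Warning "The file inherits access entries from its parent directory."
    }
    exit 1
}

Write-Output "OK: only trusted principals can read or modify $HostKeyPath"
```

A finding with `Inherited` set to `True` matches the behavior in this advisory, where the automatically created key file takes on the permissions of its parent directory.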

Affected Software Versions

VShell for Windows, version 2.3.5 and earlier.
 

Vulnerability Fix Downloads

VShell 2.3.6 for Windows or later -
http://www.vandyke.com/download/vshell/download.html
 

Technical Support

For further information on the security advisory, please contact VanDyke Software.
 

Official Postings

US-CERT published an advisory on this vulnerability on July 18, 2005.
VanDyke posted this page on 08/16/2005.

 

Revision History

August 16, 2005 - Security Advisory published.