SecurityTracker.com Archives - SSH Tectia Client/Server/Connector/Manager Pathname Parsing Flaw Lets Local Users Gain Elevated Privileges

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Welcome to SecurityTracker!

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: Application (VPN) > SSH Tectia Server

Vendors: SSH Communications

SSH Tectia Client/Server/Connector/Manager Pathname Parsing Flaw Lets Local Users Gain Elevated Privileges

SecurityTracker Alert ID: 1016743

SecurityTracker URL: http://securitytracker.com/id?1016743

CVE Reference: CVE-2006-4315 (Links to External Site)

Updated: Aug 24 2006

Original Entry Date: Aug 23 2006

Impact: Execution of arbitrary code via local system, Root access via local system, User access via local system

Fix Available: Yes Vendor Confirmed: Yes

Version(s): Various Windows-based versions of the Client, Server, Connector, and Manager.

Description: A vulnerability was reported in the SSH Tectia products on Windows-based systems. A local user can gain elevated privileges.

A local user with privileges to create files in the system root directory or the 'Program Files' directory or subdirectories can create a specially named executable in one of those directories and then cause the executable to be started with root privileges or the privileges of another user. This is due to a pathname parsing flaw in the Windows-based versions of the SSH Tectia products.

The following Windows-based versions are affected:

* SSH Tectia Client/Server/Connector 5.0.0 and 5.0.1
* SSH Tectia Client/Server version 4.4.5 (and older)
* SSH Tectia Client version 4.3.8K (and older Korean versions)
* SSH Tectia Client version 4.3.1J (and older Japanese versions)
* SSH Tectia Manager version 2.1.2 (and older versions) Management Agent

SSH credits Mr. Charles Morris with reporting this vulnerability.

Impact: A local user with certain file creation privileges can cause arbitrary code to be executed with the privileges of a target user, potentially including root privileges.

Solution: The vendor has issued the following fixes, available at:

http://www.ssh.com/support/downloads/

* SSH Tectia Server/Client 4.4.6
* SSH Tectia Server/Client/Connector 5.0.2
* SSH Tectia Server/Client/Connector 5.1.0
* SSH Tectia Client 4.3.9K
* SSH Tectia Client 4.3.2J
* SSH Tectia Manager 2.1.3
* SSH Tectia Manager 2.2.0

The SSH advisory is available at:

http://www.ssh.com/company/news/arti cle/775/

Vendor URL: www.ssh.com/company/news/article/775/ (Links to External Site)

Cause: State error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

Date: Wed, 23 Aug 2006 15:33:25 -0400
Subject: SSH Tectia Windows Pathname Parsing Vulnerability

 
 
http://www.ssh.com/company/news/article/775/

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2006, SecurityGlobal.net LLC