Van Dyke Technologies VShell Port Forwarding Vulnerability
BID:2402
Info
Van Dyke Technologies VShell Port Forwarding Vulnerability
| Bugtraq ID: | 2402 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Feb 16 2001 12:00AM |
| Updated: | Feb 16 2001 12:00AM |
| Credit: | Discoverd and posted in an @stake advisory on Feb 16, 2001. |
| Vulnerable: |
Van Dyke Technologies VShell 1.0.1 Van Dyke Technologies VShell 1.0 |
| Not Vulnerable: |
Van Dyke Technologies VShell 1.0.2 |
Discussion
Van Dyke Technologies VShell Port Forwarding Vulnerability
By default VShell is implemented with a port forwarding rule of 0.0.0.0/0.0.0.0 to any port. A valid user with an understanding of the internal addressing scheme in a network, could connect to any service desired.
By default VShell is implemented with a port forwarding rule of 0.0.0.0/0.0.0.0 to any port. A valid user with an understanding of the internal addressing scheme in a network, could connect to any service desired.
Solution / Fix
Van Dyke Technologies VShell Port Forwarding Vulnerability
Solution:
Van Dyke Technologies has addressed this issue in VShell 1.0.2:
https://secure.vandyke.com/vandyke-bin/download_form_vshell.cgi?TEMPLATE=vshell.html
Solution:
Van Dyke Technologies has addressed this issue in VShell 1.0.2:
https://secure.vandyke.com/vandyke-bin/download_form_vshell.cgi?TEMPLATE=vshell.html