漏洞类别:Local
漏洞等级: 
漏洞信息
NetSarang Computer, Inc. develops, markets and supports secure connectivity solution in the global market. The company develops a family of PC X server and SSH client software for PC-to-Unix and PC-to-Linux, and is expanding its TCP/IP network technologies to other Internet businesses.
It was found that NetSarang's update mechanism was recently hijacked and a backdoor was inserted silently in the software update, so that the malicious code would silently deliver to all of its clients with NetSarang's legitimate signed certificate.
Affected Version:
Xmanager Enterprise 5 Build 1232
Xmanager 5 Build 1045
Xshell 5 Build 1322
Xftp 5 Build 1218
Xlpd 5 Build 1220
Detection Logic:
This QID checks for affected product's build version in the registry and its associated executable.
漏洞危害
An unauthenticated, remote attacker could exploit compromised targets.
解决方案
Customers are advised to download latest packages from NetSarang Product Downloads
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论