CNNVD on the United States Netsarang company multi software the presence of malicious code briefings-vulnerability warning-the black bar safety net

ID MYHACK58:62201788601
Type myhack58
Reporter 佚名
Modified 2017-08-15T00:00:00


Recently, the national information security vulnerabilities library CNNVD received about the the United States Netsarang company more software there malicious code in case the message send. The company Xshell And Xmanager remote connection use of the product nssock2.dll module in the presence of malicious code that can lead to the user Server account, password and other information uploaded to a specific server. Currently, Netsarang company has for the affected product release upgrade version, the user can view nssock2.dll the version to determine whether or not affected by this, as by this Security Impact, Please as soon as possible the relevant product to upgrade to the latest version. National information security vulnerability database(CNNVD for the tracking analysis, as follows: First, the event description NetSarang is the United States A to provide a secure link solution company, the company's products mainly include Xmanager, Xmanager 3D, Xshell, Xftp and Xlpd remote link software. Xmanager,Xshell, Xftp, Xlpd and other product use nssock2. dll module version in the presence of malicious code. An attacker may by the malicious code to obtain the user Server accounts, passwords, network information, and other information, a further embodiment of a remote attack. Up to now, the following version of the product confirmed the presence of the malicious code: a XshellBuild 5.0.1322 XshellBuild 5.0.1325 XmanagerEnterprise 5.0 Build 1232 Xmanager5. 0 Build 1045 Xmanager5. 0 Build 1048 Xftp5. 0 Build 1218 Xftp5. 0 Build 1221 Xlpd5. 0 Build 1220 Second, the harm effects Xshell and Xmanager And Xftp and other remote links to products in the security operations used in a wide range, such as Xshell software is used on Windows platforms secure access to Unix/Linux hosts that Xmanager is used in the local computer while running Unix/Linux and Windows graphical program. The presence of the malicious code of the products will be through the DNS tunnel to send data, which may contain a user the server Username, Password, IP and other information, the attacker once you obtain the above information, can further to steal or Modify User server the sensitive information on the user Server result in more severe effects. Third, the repair recommendations Currently, NetSarang official has for the affected product release upgrade version to fix this security issue. Please the affected users to check whether the affected. If confirmed to be affected, please upgrade as soon as possible the latest version. 【Self-examination mode] The user can view the nssock2. dll version to determine whether or not affected by this, i.e., in the software installation directory found under the nssock2. dll file, right-click the file to view properties, if the version number is 5. 0. 0. 26 then there is a back door code. [Upgrade repair】 Affected users can upgrade to NetSarang official for each software release of the latest version to eliminate the vulnerability. Software download link: