• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: SSH Tectia Windows Path Specification Privilege Escalation Vulnerability

Severity: HIGH

Description:

SSH Tectia is software for managing the running of ssh.

Tectia is affected by a pathname-parsing flaw during sub-process execution. An unspecified process attempts to spawn a related executable sub-component without using properly parsed paths. Local users with high enough privileges could place an arbitrary executable on the computer so that it is spawned in place of the expected sub-component. When another user runs the affected software, the planted executable would then be launched in the context of the Tectia process with root or the same privileges of the unsuspecting user. The user who plants the executable may also be able to restart the computer and re-execute the affected software.

An attacker may exploit this flaw to gain elevated privileges.

The following versions of Tectia are affected by this issue:

SSH Tectia Connector 5.0.0 and 5.0.1
SSH Tectia Server version 5.0.0, 5.0.1, and 4.4.5 (and older versions)
SSH Tectia Client version 5.0.0, 5.0.1, 4.4.5 (and older versions)
SSH Tectia Client version 4.3.8K (and older Korean versions)
SSH Tectia Client version 4.3.1J (and older Japanese versions)
SSH Tectia Manager version 2.1.2 (and older versions)

Affected Products:

• SSH Communications Security SSH Tectia Manager 1.3
• SSH Communications Security SSH Tectia Manager 1.4
• SSH Communications Security Tectia Client 4.0.0
• SSH Communications Security Tectia Client 4.0.1
• SSH Communications Security Tectia Client 4.0.3
• SSH Communications Security Tectia Client 4.0.4
• SSH Communications Security Tectia Client 4.0.5
• SSH Communications Security Tectia Client 4.2.0
• SSH Communications Security Tectia Client 4.2.1
• SSH Communications Security Tectia Client 4.3.0
• SSH Communications Security Tectia Client 4.3.1
• SSH Communications Security Tectia Client 4.3.1 J
• SSH Communications Security Tectia Client 4.3.2
• SSH Communications Security Tectia Client 4.3.3
• SSH Communications Security Tectia Client 4.3.4
• SSH Communications Security Tectia Client 4.3.5
• SSH Communications Security Tectia Client 4.3.6
• SSH Communications Security Tectia Client 4.3.7
• SSH Communications Security Tectia Client 4.3.8 K
• SSH Communications Security Tectia Client 4.4.0
• SSH Communications Security Tectia Client 4.4.1
• SSH Communications Security Tectia Client 4.4.2
• SSH Communications Security Tectia Client 4.4.3
• SSH Communications Security Tectia Client 4.4.4
• SSH Communications Security Tectia Client 4.4.5
• SSH Communications Security Tectia Client 5.0.0
• SSH Communications Security Tectia Client 5.0.1
• SSH Communications Security Tectia Connector 5.0.0
• SSH Communications Security Tectia Connector 5.0.1
• SSH Communications Security Tectia Manager 2.1.2
• SSH Communications Security Tectia Server 4.0.0
• SSH Communications Security Tectia Server 4.0.3
• SSH Communications Security Tectia Server 4.0.4
• SSH Communications Security Tectia Server 4.0.5
• SSH Communications Security Tectia Server 4.2.1
• SSH Communications Security Tectia Server 4.3.0
• SSH Communications Security Tectia Server 4.3.1
• SSH Communications Security Tectia Server 4.3.2
• SSH Communications Security Tectia Server 4.3.3
• SSH Communications Security Tectia Server 4.3.4
• SSH Communications Security Tectia Server 4.3.5
• SSH Communications Security Tectia Server 4.3.6
• SSH Communications Security Tectia Server 4.3.7
• SSH Communications Security Tectia Server 4.4.0
• SSH Communications Security Tectia Server 4.4.2
• SSH Communications Security Tectia Server 4.4.3
• SSH Communications Security Tectia Server 4.4.4
• SSH Communications Security Tectia Server 4.4.5
• SSH Communications Security Tectia Server 5.0.0
• SSH Communications Security Tectia Server 5.0.1

References:

• SSH Communications Security: August 23 2006 advisory
• SSH Communications Security: Homepage
• SSH Communications Security: Maintenance Release Downloads

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.