

[Security Vulnerability] Official Xshell release implanted with a backdoor Trojan

Posted on 8/24/2017 9:21:28 AM

The Xshell version implanted with the backdoor
On August 14, Roar reported that the official 5.0 Build 1322 version of the well-known server terminal management software Xshell, released on July 18, had been implanted with a backdoor; users who downloaded or updated to this version were compromised. The Roar editor asked around and found that many acquaintances had been affected. The damage is still being assessed, and user device information may have been stolen.
Xshell is a powerful server terminal management tool that supports SSH1, SSH2, TELNET and other protocols. It is developed by the foreign company NetSarang and has a large following among operations staff, webmasters and security practitioners.
NetSarang issued a security bulletin on August 7 stating that its recently updated (July 18) Xmanager Enterprise, Xmanager, Xshell, Xftp and Xlpd software contained a security vulnerability, that the vendor had urgently fixed it on August 5 and released updated versions, and that no exploitation of the vulnerability had been observed.
Affected versions of the five products:
Xmanager Enterprise 5.0 Build 1232
Xmanager 5.0 Build 1045
Xshell 5.0 Build 1322
Xftp 5.0 Build 1218
Xlpd 5.0 Build 1220

On August 5, new versions of all five products were released. The changelogs were essentially identical, each mentioning SSH channel trace messages and the problem file nssock2.dll:
FIX: Unnecessary SSH channel trace messages
FIX: Patched an exploit related to nssock2.dll
NetSarang did not explain the cause of the vulnerability. According to Roar, the company was most likely intruded upon and the release build had a backdoor implanted into it.
The Roar editor learned that some domestic users who updated to the problematic Xshell version captured its traffic and found that this version's nssock2.dll sends malformed DNS requests to an unfamiliar domain name (*.nylalobghyhirgh.com). The nssock2.dll in question carries an official signature, so the attacker may have stolen NetSarang's signing key or implanted the backdoor directly at the source code level.


Fix plan

NetSarang has released a fixed version. Roar recommends that users of the company's products update to the latest version as soon as possible, and that enterprise networks block the *.nylalobghyhirgh.com domain name.
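The post's two actionable points for defenders are that the trojaned nssock2.dll beacons over DNS to subdomains of nylalobghyhirgh.com, and that enterprises should block that domain. The following script is an added example, not part of the original post or of any NetSarang tooling: it scans DNS resolver query logs for lookups under that domain and lists the client hosts that made them, so an administrator can confirm whether the blocked domain was ever contacted from inside the network. The log line format (BIND-style query log) and the sample log lines are constructed for the example; adapt the regular expression to your own resolver's format.

```python
import re
from dataclasses import dataclass

# Domain the post reports the trojaned nssock2.dll beaconing to.
# The "*." in the post means any subdomain, which is what the matcher handles.
BLOCKLIST = ("nylalobghyhirgh.com",)

# BIND-style query-log line, e.g.
#   14-Aug-2017 10:01:23.417 client 10.0.0.5#51240: query: x.example.com IN A + (10.0.0.1)
# This format is an assumption for the example; adjust for your resolver.
QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


@dataclass(frozen=True)
class Hit:
    client: str
    qname: str
    qtype: str


def domain_matches(qname: str, blocked: str) -> bool:
    """Label-based suffix match.

    Matches the blocked domain itself and any subdomain of it, after
    normalising case and a trailing root dot. A plain string suffix test
    would also match lookalikes such as 'notnylalobghyhirgh.com'; the
    leading '.' in the endswith() check rules those out.
    """
    q = qname.lower().rstrip(".")
    b = blocked.lower().rstrip(".")
    return q == b or q.endswith("." + b)


def scan_dns_log(lines, blocklist=BLOCKLIST):
    """Return a Hit for every query line whose QNAME falls under a blocked domain."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (or a different log format); skip it
        qname = m.group("qname")
        if any(domain_matches(qname, b) for b in blocklist):
            hits.append(Hit(m.group("client"), qname.lower().rstrip("."), m.group("qtype")))
    return hits


def affected_clients(hits):
    """Distinct client addresses that queried a blocked domain, sorted."""
    return sorted({h.client for h in hits})


# Constructed sample log: two true hits, two lookalikes that must not match,
# one unrelated line.
SAMPLE_LOG = [
    "14-Aug-2017 10:01:22.101 client 10.0.0.5#51234: query: www.example.com IN A + (10.0.0.1)",
    "14-Aug-2017 10:01:23.417 client 10.0.0.5#51240: query: a1b2c3.nylalobghyhirgh.com IN A + (10.0.0.1)",
    "14-Aug-2017 10:01:24.003 client 10.0.0.7#51301: query: notnylalobghyhirgh.com IN A + (10.0.0.1)",
    "14-Aug-2017 10:01:25.880 client 10.0.0.9#51390: query: NYLALOBGHYHIRGH.COM. IN TXT + (10.0.0.1)",
    "14-Aug-2017 10:01:26.120 client 10.0.0.7#51310: query: nylalobghyhirgh.com.cdn.example.net IN A + (10.0.0.1)",
    "14-Aug-2017 10:01:27.000 zone example.com/IN: sending notifies (serial 2017081401)",
]

if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_LOG)
    for h in found:
        print(f"{h.client} queried {h.qname} ({h.qtype})")
    print("hosts to investigate:", affected_clients(found))
```

Because the matcher compares whole DNS labels, a blocklist entry for the apex domain covers every subdomain the malware might generate while leaving domains that merely contain the string untouched. Hosts returned by affected_clients are the ones on which the affected Xshell build should be looked for and replaced with the fixed version.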





Posted on 3/25/2018 11:34:43 PM
Prompt: the author has been banned or the content was removed, so this reply is automatically hidden.