In-Reply-To: <JIEPJGFPFMFIGBNCPKGGGEJHCLAA.bstrauss3@attbi.com> We have released versions of SecureCRT that address this vulnerability. This fix is available for ALL of our licensed customers without charge. VanDyke Software recommends that all users of SecureCRT upgrade immediately to the available versions. Updated installers are available on our website: Users who purchased SecureCRT licenses before January 1, 2000 (including users of SecureCRT 2.x) should upgrade to SecureCRT 3.2.2: http://www.vandyke.com/download/securecrt/3.2/index.html Users who purchased SecureCRT licenses before July 1, 2000 should upgrade to SecureCRT 3.3.4: http://www.vandyke.com/download/securecrt/3.3/index.html Users who purchased licenses on or after June 1, 20001 should upgrade to SecureCRT 3.4.6 or SecureCRT 4.0 beta 3. SecureCRT 3.4.6: http://www.vandyke.com/download/securecrt/index.html SecureCRT 4.0 beta 3: http://www.vandyke.com/download/securecrt/beta.html For more information about this vulnerability and VanDyke Software's response to it, please visit our Security Advisory page: http://www.vandyke.com/products/securecrt/security07-25-02.html If there are any questions related to these releases, please send email to support@vandyke.com. -Daniel Prevett VanDyke Software Technical Support support@vandyke.com http://www.vandyke.com >You know, that's only partially a solution. For those of us who haven't >chosen to PAY for the upgrade to 3.4, we're left out in the cold. Quoting >from VanDyke's web page: > >"All users may evaluate SecureCRT 3.4 for 30 days free of charge. Registered >users who purchased licenses before July 1, 2000 should consult the Upgrade >Eligibility page to learn about licensing the 3.4 upgrade." > >and > >"SecureCRT Upgrade > >Registered users who purchased licenses before July 1, 2001 may choose to >purchase SecureCRT upgrades starting at $39.95 for a single copy. > ><snip /> > >SecureCRT users who purchased licenses between January 1 and July 1, 2000 >are eligible to download SecureCRT 3.3.3 and upgrade without charge. >SecureCRT users who purchased licenses before January 1, 2000 are eligible >to download SecureCRT 3.2.1 and upgrade without charge." > > >I'm not unsympathetic to the need to have a licensing revenue stream, but >let's remember that this leaves (dozens? hundreds? thousands? Just me) of >your customers unprotected. > >-----Burton
