 |  |
ISP List wrote:
Re: PLINK.EXE installed by OptiGold - Potential Security Issue
From: Shawn Hogan
Date: Monday, October 7, 2002
Time: 12:29:14 am
> When installing a new box for use with the OG Web Interface, I noticed that
> when I installed the latest OptiGold package, ispfull309.exe (using the
> Workstation and Web Server Install), that this is dropped into the system
> root (in my case, c:\winnt)
>
> 07/19/2002 01:08p 221,184 plink.exe
>
> which turns out to be:
>
> PuTTY Link: command-line connection utility
> Release 0.52
> Usage: plink [options] [user@]host [command]
> ("host" can also be a PuTTY saved session name)
> Options:
> -v show verbose messages
> -ssh force use of ssh protocol
> -P port connect to specified port
> -pw passw login with specified password
> -m file read remote command(s) from file
> -L listen-port:host:port Forward local port to remote address
> -R listen-port:host:port Forward remote port to local address
>
> While in and of itself this file is harmless, used maliciously it could be
> used as vehicle for unauthorized proxy/port forwarding or worse (any time
> you can configure a command line utility to listen on a port and forward
> elsewhere, i get nervous). I confirmed that this is indeed being installed
> by OG via the uninstall logfile, and uninstalling/reinstalling the package
> several times to confirm.
>
> 1. Why is this file installed by OptiGold?
That is what Optigold uses for it's SSH gateway. You can delete it if you
would like (the only thing it will affect is you will not be able to run SSH
events from Optigold).
> 2. Was there a notification or a list of such "additional goodies"
> installed by the OG installer anywhere in the OG manual/website/mailing list?
Nope. Individual files are not listed nor defined.
- Shawn
-------------------------------
Shawn D. Hogan
President, Digital Point Solutions
http://www.digitalpoint.com
(858) 452-3696
---------------------------------------------------
To subscribe, unsubscribe or to search list archive
please visit http://www.optigold.com/lists/isp.html
---------------------------------------------------
Messages In This Thread:
Return to Digital Point Solutions' Home Page