VShell(TM) Server for Windows 2.2.6 (Official) -- April 22, 2004

Copyright © 1995-2004 VanDyke Software, Inc.
All rights reserved.

This file contains a VShell product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration, and contact information, please refer to Readme.txt (downloaded with this installation).

Changes in VShell 2.2.6 Official -- April 22, 2004
--------------------------------------------------

- No changes

Changes in VShell 2.2.5 Official -- February 24, 2004
-----------------------------------------------------

New features:
- New registry option "Send Disconnect Errors To Client". Allows those that want it to give the client more information about why they have been disconnected (e.g., VShell Connection Limits Exceeded).

Changes:
- Changed the following error to a debug message so that it no longer shows up in the Windows event log: "No credentials are available in the security package".
- Filtered out the following log message: "Reached the end of the file".
- Modified the port forwarding and connection filter dialogs to include information about the fact that order matters and that the first filter to match takes precedence.

Bug fixes:
- VSH/VCP: The -auth flag was not working for VSH.exe and VCP.exe if more than one authentication method was specified.
- VShell could crash if a disconnect was sent at the same time a key exchange happened.
- If the ident string was read after VShell started to disconnect, the client could get an "invalid packet header" error.
- Upload triggers did not fire if the file was opened "read/write" vs. "write" as is the case with some clients. Upload triggers now fire if the file is opened read/write or write only.
- VSH would not run under Windows 95.

Changes in VShell 2.2.4 Official -- January 8, 2004
---------------------------------------------------

Changes:
- The VShell installer now removes old/unused DLLs when upgrading.

Bug fixes:
- VShell could crash when reading an incorrectly formatted public key.
- Upon starting VShell, it would fail to set strict permissions on the registry configuration key (which would generate the error: "VShell failed to secure the registry key : The security descriptor structure is invalid.").

Changes in VShell 2.2.3 Official -- November 11, 2003
-----------------------------------------------------

New features:
- Added a new registry option called "Enable Sharing For Sftp Open" that defaults to false. When this option is true, the SftpFileHandle will open files for share read, write, and delete. This makes it so that a file that is held open exclusively (like the log files) can be transferred.
- VSH: Support for the user@host syntax as well as the -l user syntax.
- VSH: Option "-nopty" which does not request a pty upon connection.

Changes:
- To reduce confusion in the VShell Control Panel, all ACLs in the Access Control are disabled when Logon is denied for a user or group.
- VSH/VCP: Can now use the "-kex" option to specify key exchange methods to be used.
- Under Windows XP, groups are now an included object type in the Select User or Group dialog, making it easy to add groups to the ACL and SFTP roots.

Bug fixes:
- VShell could occasionally stall due to errors loading the profile.
- Under some conditions, VShell could report: Failed to lookup authentication package vdspka10: The handle is invalid.
- Permissions on files downloaded from VShell 2.2 (win32) using an OpenSSH client were incorrectly set to --w------- .
- VShell could crash when authenticating with gssapi-with-mic or when using gssapi-keyex.
- Because of a missing lock, VShell could crash if a disconnect happened at the right moment during key exchange or key re-exchange.
- VShell could fail to read host keys or public keys if another process was also reading the key.
- The time string passed in VShell's trigger function was garbage. The string is now a correct time string.
- VShell would erroneously report an invalid state change in its log.
- VShell could leak small amounts of memory when using public-key authentication.
- VShell would erroneously report "invalid cross-device errors" to SFTP clients at the end of directory listings.
- VShell would incorrectly log that it executed a file upload trigger before it logged the file that was uploaded. The events are correctly logged in order now.
- Users with restricted permissions (non administrator) on the C:\ drive were unable to log in.
- Remote port forwarding did not work for non-administrative users connecting to VShell.
- VSH: A hang occurred when remotely executing a non-existent command on a Windows VShell server.
- VSH: A core dump would occur on FreeBSD and Mac OS X machines when redirecting output to /dev/null.
- VSH/VCP: Didn't report an error when an invalid authentication method was specified on the command line (-auth).

Vulnerabilities:
- The VShell password authenticator failed to set the sensitive data flag on the password. This may have caused the password to have been left in memory longer than was strictly necessary. An admin with the ability to read VShell's memory space might have been able to find the password. Or, if VShell crashed after password authentication, the password might have been written to the core.

Changes in VShell 2.2.2 Official -- September 18, 2003
------------------------------------------------------

Bug fixes:
- Upload triggers were incorrectly logged before the log message that happened when the uploaded file was closed.
- The time string passed to the trigger function was garbage.
- VSH/VCP: Experienced a memory leak whenever public key authentication was used.

Changes in VShell 2.2.1 Official -- September 12, 2003
------------------------------------------------------

New features:
- VSH/VCP: added the option -key KEX, which allows you to specify which key exchange algorithm to use.
  Valid algorithms are diffie-hellman, diffie-hellman-group, Kerberos, and any OID (in dotted number format) supported by the GSSAPI provider.

Changes:
- VSH/VCP: Will now only allow three failed passphrase attempts.

Vulnerabilities:
- When using Kerberos host and user authentication via GSSAPI, the connection could be vulnerable to a man-in-the-middle attack. GSSAPI with MIC has been introduced to eliminate this risk, and the GSSAPI method has been deprecated.
- Added the option "Enable Deprecated GSSAPI" in the VShell registry to enable the deprecated GSSAPI methods in cases where GSSAPI with MIC is not available. This option is set to 0 by default.

Changes in VShell 2.2 Official -- August 12, 2003
-------------------------------------------------

Bug fixes:
- VShell, VCP, and VSH could potentially crash if trying to get a GSSAPI error message from the Kerberos library.
- VCP and VSH were unable to make connections through a Socks 5 firewall.
- VShell, VCP, and VSH could potentially have a non-exploitable buffer overflow if GSSAPI got more than four mechanisms when querying how many mechanisms were supported by the local GSSAPI provider.
- Under some circumstances, an evaluation license was not properly created.

Changes in VShell 2.2 (Public) Beta 9 -- July 31, 2003
------------------------------------------------------

New features:
- Support for GSSAPI secured key exchange. Currently, Kerberos v5 is supported.
- Authentication banners are now displayed from a text file set in the Windows registry "Authentication Banner Path".

Changes:
- When VShell fails to listen on an address, it now reports the port as well as the address.

Bug fixes:
- VShell supported the remote-forward start global request "tcpip-forward", but did not support the remote forward stop request "cancel-tcpip-forward".
- VCP and VSH no longer cause VShell evaluation licenses to prematurely time out.
- VSH and VCP now support Socks 4 and 5 firewalls.

Changes in VShell 2.2 (Public) Beta 8 -- July 17, 2003
------------------------------------------------------

Changes:
- SFTP file and directory deletes are now logged.

Bug fixes:
- vcp/vsh: If the -noprompt command-line option is used, vsh and vcp never prompt for input.
- UPN calls were not being logged for Kerberos authentications via GSSAPI.

Changes in VShell 2.2 (Public) Beta 7 -- July 3, 2003
-----------------------------------------------------

Changes:
- The General category, Server options group in the Control Panel now reads "Message of the day" file instead of "MOTD file".

Bug fixes:
- VSH reads from STDIN and passes it to the remote for execution.
- VCP/VSH: If -noprompt was enabled, vsh/vcp would try an incorrect password or passphrase multiple times if -pw or -i was specified on the command line.

Changes in VShell 2.2 (Public) Beta 6 -- June 17, 2003
------------------------------------------------------

Bug fixes:
- Buffered stderr and stdout were not being processed in a consistent order.
- User groups were being repeated when logging in using public key-only as the authentication method. This may have caused problems when trying to run certain programs that require Administrative access.

Changes in VShell 2.2 Beta 5 -- May 29, 2003
--------------------------------------------

New features:
- The standard VShell 2.2 Windows installer now includes VSH and VCP command-line clients.

Changes:
- VShell now logs all failed file operations when SFTP logging is enabled.
- Reduced the error information given to users on certain authentication failures.
- Vkeygen: Added a prompt so that Vkeygen no longer overwrites existing keys without approval.
- When F-Secure / SSH-Communications clients connect, they did not understand VShell's remote forwarding requests. VShell now has a compatibility mode so that remote forwarding requests are understood by these clients.

Bug fixes:
- VSH crashed when hitting CTRL+C at the password prompt.
- Triggers leaked two handles each time they were fired.

Vulnerabilities:
- It may have been possible to exploit a buffer overrun in the transport class.
- VShell now explicitly checks that the padding length of transport buffers is valid and shuts down the connection when it is not.
- Improved the execution mechanism and variable expansion, field splitting, and quoting for triggers.
- Another application running on the same machine as VShell could bind to a specific IP address on port 22 and be able to intercept incoming connections to port 22.

Changes in VShell 2.2 Beta 4 -- May 13, 2003
--------------------------------------------

Bug fixes:
- Hostname resolutions when testing filters would always fail.

Changes in VShell 2.2 Beta 3 -- April 29, 2003
----------------------------------------------

Changes:
- Added log message indicating that the vdspka module is not installed.

Changes in VShell 2.2 Beta 2 -- April 8, 2003
---------------------------------------------

New features:
- Kerberos v5 authentication (via GSSAPI) is now supported.
- On a multi-homed machine, control which NIC VShell listens on to better lock down access to the server.

Changes:
- SFTP4: VShell now sends the ACL, owner, and group if requested by a "stat" command.
- SFTP4: File times are now 64 bits and go down to the nanosecond.
- SFTP4: File create times can now be set and retrieved.
- If port 0 is bound to for remote forwarding, VShell picks a free port and the client can find out the port was bound.
- Added logging support for the public key-only package to assist in troubleshooting.
- Improved debug messages, including a message to indicate whether or not the primes file was successfully read.