ShadowPad: Backdoor in NetSarang Apps

[German]Hackers was able to inject a backdoor into NetSarang's business apps (XManager 5, also Enterprise, XShell 5, Xftp 5, Xlpd 5). This software is used worldwide within companies.


Korean software vendor NetSarang has published a security advisory on August 7, 2017, about an Exploit in July 18, 2017 affecting its business software.

On Friday August 4th, 2017, engineers from NetSarang discovered (in cooperation with Kaspersky Labs) a security exploit in NetSarang's software specific to the following Builds which were released on July 18, 2017.

  • Xmanager Enterprise 5.0 Build 1232
  • Xmanager 5.0 Build 1045
  • Xshell 5.0 Build 1322
  • Xftp 5.0 Build 1218
  • Xlpd 5.0 Build 1220

Build numbers before and after the above Builds were not affected. The exploit was effectively patched with the release of our latest Build on August 5th, so if you've already updated, then your clients are secure. The latest Builds are Xmanager Enterprise Build 1236, Xmanager Build 1049, Xshell Build 1326, Xftp Build 1222, and Xlpd Build 1224.

Kaspersky has documented the whole case here, a second article may be found at Bleeping Computer.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *