| VID |
28096 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The SecureCRT software, according to its version number, has an SSH1 Identifier String Buffer Overflow Vulnerability.
VanDyke Software's SecureCRT is a terminal emulator for Internet and intranet use with support for Secure Shell (SSH1 and SSH2) as well as Telnet and rlogin protocols. SecureCRT client versions 2.x, 3.x, 4.0 beta 2 and earlier are vulnerable to a buffer overflow condition when attempting to handle an overly long SSH1 protocol identifier string received from an SSH server, which could allow a remote attacker in control of an SSH server to execute arbitrary code when connecting to an SSH1 server that has been modified to perform this exploit.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.vandyke.com/products/securecrt/security07-25-02.html
http://www.osvdb.org/displayvuln.php?osvdb_id=4991
http://www.securityfocus.com/archive/1/283812
http://www.securityfocus.com/archive/1/283888
http://www.securityfocus.com/archive/1/284395
http://www.securityfocus.com/archive/1/284895
* Platforms Affected:
VanDyke Software, Inc., SecureCRT 4.0 beta 2 and earlier
VanDyke Software, Inc., SecureCRT 3.x official
VanDyke Software, Inc., SecureCRT 2.x official
Microsoft Windows Any version |
| Recommendation |
Upgrade to version 3.2.2, 3.3.4, 3.4.8, 4.1 or higher, as listed in VanDyke Software Security Advisory July 25, 2002 at http://www.vandyke.com/products/securecrt/security07-25-02.html |
| Related URL |
CVE-2002-1059 (CVE) |
| Related URL |
5287 (SecurityFocus) |
| Related URL |
9650 (ISS) |
|
