Bugtraq mailing list archives
Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta
From: kelli burkinshaw <kelli.burkinshaw () vandyke com>
Date: 25 Jul 2002 22:32:42 -0000
In-Reply-To: <20020722200944.A6030 () SirDrinkalot rm-f net>
SecureCRT (http://www.vandyke.com/products/securecrt/) seems to have a bug in a seemingly trivial portion of its SSH connection code. When an SSH client connects to a server, the server sends a version string containing minor and major numbers for the protocol, as well as a server-specific identifier string which is specified to be no more than 40 bytes long. Unfortunately the SecureCRT code which handles errors relating to an unsupported protocol version contains an unchecked buffer overflow when dealing with this identifier string.
VanDyke Software has released SecureCRT version 3.4.6 and version 4.0 beta 3 to eliminate the issue in SecureCRT you describe above. The issue made SecureCRT vulnerable to a buffer overflow attack which could allow malicious parties to execute arbitrary code when connecting to an SSH1 server that has been modified to perform this exploit. SSH2 connections are not affected by the vulnerability. VanDyke Software recommends that anyone using SecureCRT versions 2.x, 3.x, or 4.x upgrade immediately to the available revisions. For more details and to download a new version see: http://www.vandyke.com/products/securecrt/security07-25-02.html

--
kelli burkinshaw
VanDyke Software
kelli.burkinshaw () vandyke com
Product Director
http://www.vandyke.com
505.332.5700 (T) 505.332.5701 (F)
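An added example, not from the report, this reply, or VanDyke's code: a bounded parser for the SSH identification line and a bounded formatter for the unsupported-version message, the two places where the quoted report says the server identifier needs a length check. The 40-byte limit is the one quoted above; treating major versions 1 and 2 as the supported ones is an assumption for the sake of the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SSH_ID_MAX 40   /* identifier bound quoted in the report above */

struct ssh_version {
    int major, minor;
    char id[SSH_ID_MAX + 1];   /* always NUL-terminated */
};

/* Parse "SSH-<major>.<minor>-<identifier>[\r]\n". Returns 0 on success, -1 for
 * a malformed line, -2 if the identifier exceeds SSH_ID_MAX. The length check
 * happens before any copy, which is the check the report says was missing. */
int parse_ssh_version(const char *line, struct ssh_version *out)
{
    const char *p = line;
    char *end;
    if (strncmp(p, "SSH-", 4) != 0) return -1;
    p += 4;
    long major = strtol(p, &end, 10);
    if (end == p || *end != '.' || major < 0 || major > 99) return -1;
    p = end + 1;
    long minor = strtol(p, &end, 10);
    if (end == p || *end != '-' || minor < 0 || minor > 99) return -1;
    p = end + 1;
    size_t len = strcspn(p, "\r\n");          /* identifier ends at the line end */
    if (len > SSH_ID_MAX) return -2;          /* reject, never copy */
    out->major = (int)major;
    out->minor = (int)minor;
    memcpy(out->id, p, len);
    out->id[len] = '\0';
    return 0;
}

/* Build the "unsupported protocol version" message shown to the user. Treating
 * major 1 and 2 as supported is an assumption, not from the page. snprintf
 * bounds the write, so a long identifier truncates the message rather than
 * running past the end of msg. Returns 1 if a message was written, else 0. */
int format_unsupported_msg(const struct ssh_version *v, char *msg, size_t msglen)
{
    if (v->major == 1 || v->major == 2) return 0;
    snprintf(msg, msglen, "Unsupported SSH protocol version %d.%d (server: %s)",
             v->major, v->minor, v->id);
    return 1;
}
```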