Signature Detail
Short Name |
SSH:OVERFLOW:SECURECRT-BOF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
SSH |
Keywords |
SecureCRT Client Buffer Overflow |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SSH: SecureCRT Client Buffer Overflow
This signature detects a malicious SSH server attempting to overflow the buffer of a SecureCRT SSH client. If succesful, the client would make a subsequent connection to the SSH server host, giving full shell access.
Extended Description
The SecureCRT client is prone to a buffer-overflow condition when attempting to handle an overly long SSH1 protocol identifier string. Reportedly, an attacker can exploit this issue via a malicious server. Exploiting this issue may allow an attacker to execute arbitrary code or may cause the client to crash.
Affected Products
- VanDyke SecureCRT 2.4.0
- VanDyke SecureCRT 3.0.0
- VanDyke SecureCRT 3.1.0
- VanDyke SecureCRT 3.1.1
- VanDyke SecureCRT 3.1.2
- VanDyke SecureCRT 3.2.0
- VanDyke SecureCRT 3.2.1
- VanDyke SecureCRT 3.3.0
- VanDyke SecureCRT 3.3.1
- VanDyke SecureCRT 3.3.2
- VanDyke SecureCRT 3.3.3
- VanDyke SecureCRT 3.4.0
- VanDyke SecureCRT 3.4.1
- VanDyke SecureCRT 3.4.2
- VanDyke SecureCRT 3.4.3
- VanDyke SecureCRT 3.4.4
- VanDyke SecureCRT 3.4.5
- VanDyke SecureCRT 4.0.0 beta 1
- VanDyke SecureCRT 4.0.0 beta 2
References
- BugTraq: 5287
- CVE: CVE-2002-1059
- URL: http://securityvulns.com/docs3253.html