|
Posted: July 25, 2002
Description
The vulnerability allows the attacker to execute arbitrary code
on the machine where SecureCRT resides. When SecureCRT connects
to an SSH1 server, the server sends a version string containing
minor and major numbers for the protocol, as well as a server-specific
identifier string which is specified to be no more than 40 bytes
long. The SecureCRT code which handles errors relating to an unsupported
protocol version contains an unchecked buffer overflow when dealing
with this identifier string sent from a server that has been modified
to exploit this vulnerability.
This vulnerability is specific to SSH1 connections.
SSH2 server connections do not share this vulnerability.
SSH2 offers substantially greater security than SSH1. VanDyke Software
recommends that all SSH1 users switch to SSH2 connections if possible.
Further, those users who do not have an SSH2 server currently available
are encouraged to make plans to migrate to SSH2 as soon as possible.
|
Revised versions of SecureCRT are available for all registered
users. VanDyke recommends that all users of versions 2.x
and 3.x upgrade immediately to the available revisions.
|
Users who purchased licenses on or after June 1, 2001 may
download either
SecureCRT 3.4.8 or SecureCRT 4.0.9.
Users who purchased licenses prior to June 1, 2001 should
download SecureCRT 3.4.8.
Users who purchased licenses prior to July 1, 2000 should
download SecureCRT 3.3.4.
Users who purchased licenses prior to January 1, 2000 should
download SecureCRT 3.2.2.
|
| |
|
Affected Software Versions
|
SecureCRT 4.0 beta 2 or earlier
SecureCRT 3.x official
SecureCRT 2.x official
|
| |
|
Vulnerability Fix Downloads
|
SecureCRT 4.0.9 - http://www.vandyke.com/download/securecrt/4.0/index.html
SecureCRT 3.4.8 - http://www.vandyke.com/download/securecrt/3.4/index.html
SecureCRT 3.3.4 - http://www.vandyke.com/download/securecrt/3.3/index.html
SecureCRT 3.2.2 - http://www.vandyke.com/download/securecrt/3.2/index.html
|
| |
|
Technical Support
|
For further information on the security advisory, please contact VanDyke Software. |
| |
|
BugTraq Postings
|
The original posting of this vulnerability was
made to BugTraq
on July 23, 2002.
VanDyke's response
was also posted on July 23, 2002.
VanDyke posted a message
announcing the revised versions and this page on July 25,
2002.
|
| |
|
Revision History
|
July 25, 2002 - Security Advisory published.
July 26, 2002 - Security Advisory updated.
November 21, 2002 - Security Advisory updated.
January 21, 2003 - Security Advisory updated.
February 20, 2003 - Security Advisory updated.
April 3, 2003 - Security Advisory updated.
April 17, 2003 - Security Advisory updated.
June 19, 2003 - Security Advisory updated.
August 19, 2003 - Security Advisory updated.
October 16, 2003 - Security Advisory updated.
December 4, 2003 - Security Advisory updated.
|
|
