Security Advisory — SecureCRT® 2.x, 3.x, 4.0.x

SecureCRT is reported prone to a remote denial of service vulnerability.
It is reported that supplying an excessive string value to the application
through the hostname field may trigger this vulnerability. Apparently,
this causes the client application to crash.
SecureCRT 4.0.9 and earlier may be vulnerable when SSH2 is used.
SecureCRT 4.1 or newer provides a fix for SSH2 connections.

Posted: January 14, 2005
Description
Although reported as a remote denial of service vulnerability, the issue
described in this advisory is a denial of service on the local machine:
SecureCRT crashes if an attempt is made to connect to an SSH2 session
with an excessively long hostname. The remote machine is not affected
by this vulnerability.

Affected Software Versions
SecureCRT 4.0.x official
SecureCRT 3.x official
SecureCRT 2.x official

Vulnerability Fix Downloads
SecureCRT 4.1 - http://www.vandyke.com/download/securecrt/download.html

Technical Support
For further information on the security advisory, please contact VanDyke Software.

BugTraq Postings
The original posting of this vulnerability was made to BugTraq
on December 29, 2004. VanDyke posted this page on January 14, 2005.

Revision History
January 14, 2005 - Security Advisory published.