Security Advisory—SecureCRT^® 5.0 and SecureFX^® 3.0

In SecureCRT versions 5.0 through 5.0.4 and SecureFX version 3.0 through 3.0.4, a buffer overflow was theoretically possible when a Unicode string was converted to a narrow string.

Posted: March 3, 2006

Description

When converting a Unicode string to a narrow string, it was theoretically possible to exploit a buffer overflow if certain conditions were met. This issue was found through code inspection. There are no known exploits. VanDyke Software considers the threat extremely minimal.

Affected Software Versions

SecureCRT versions 5.0 through 5.0.4.
SecureFX version 3.0 through 3.0.4.

Vulnerability Fix Downloads

SecureCRT 5.0.5 or later - http://www.vandyke.com/download/securecrt/index.html
SecureFX 3.0.5 or later - http://www.vandyke.com/download/securefx/index.html

Technical Support

For further information on the security advisory, please contact VanDyke Software.

Official Postings

Secunia published an advisory on March 3, 2006.
VanDyke posted this page on March 3, 2006.

Revision History

March 3, 2006 - Security Advisory published.

VShell, SecureCRT, SecureFX, Entunnel, CRT, and AbsoluteFTP are trademarks or registered trademarks of VanDyke Software, Inc. in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners.

Security Advisory—SecureCRT® 5.0 and SecureFX® 3.0

In SecureCRT versions 5.0 through 5.0.4 and SecureFX version 3.0 through 3.0.4, a buffer overflow was theoretically possible when a Unicode string was converted to a narrow string.

Security Advisory—SecureCRT^® 5.0 and SecureFX^® 3.0