VanDyke Software

Security Advisory

Security Advisory—SecureCRT® 5.0 and SecureFX® 3.0

In SecureCRT versions 5.0 through 5.0.4 and SecureFX version 3.0 through 3.0.4, a buffer overflow was theoretically possible when a Unicode string was converted to a narrow string.


Posted: March 3, 2006

Description

When converting a Unicode string to a narrow string, it was theoretically possible to exploit a buffer overflow if certain conditions were met. This issue was found through code inspection. There are no known exploits. VanDyke Software considers the threat extremely minimal.

Affected Software Versions

SecureCRT versions 5.0 through 5.0.4.
SecureFX version 3.0 through 3.0.4.

 

Vulnerability Fix Downloads

SecureCRT 5.0.5 or later - http://www.vandyke.com/download/securecrt/download.html
SecureFX 3.0.5 or later - http://www.vandyke.com/download/securefx/download.html

 

Technical Support

For further information on the security advisory, please contact VanDyke Software.
 

Official Postings

Secunia published an advisory on March 3, 2006.
VanDyke posted this page on March 3, 2006.

 

Revision History

March 3, 2006 - Security Advisory published.