SecureCRT SSH1 Protocol Version String Overflow Network Vulnerability

Summary

The remote host is using a vulnerable version of SecureCRT, a SSH/Telnet client built for Microsoft Windows operation systems. It has been reported that SecureCRT contain a remote buffer overflow allowing an SSH server to execute arbitrary command via a specially long SSH1 protocol version string.

Solution

Upgrade to SecureCRT 3.2.2, 3.3.4, 3.4.6, 4.1 or newer

Severity

Classification

CVE CVE-2002-1059
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
MS Internet Explorer 'VBScript' Remote Code Execution Vulnerability
SMB Registry : SQL7 Patches
WS_FTP client weak stored password

SecureCRT SSH1 protocol version string overflow

Take action and discover your vulnerabilities