WinSCP Integer Overflow Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with WinSCP and is prone to integer overflow vulnerability.

Impact

Successful exploitation will allow attackers to cause heap-based buffer overflows, resulting in a denial of service or potentially allowing the execution of arbitrary code.

Solution

Upgrade to version 5.1.6 or later, For updates refer to http://winscp.net

Insight

Flaw is due to improper validation of message lengths in the getstring() function in sshrsa.c and sshdss.c when handling negative SSH handshake.

Affected

WinSCP version before 5.1.6 on Windows

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/54355
http://winscp.net/eng/docs/history#5.1.6
http://winscp.net/tracker/show_bug.cgi?id=1017
http://www.osvdb.com/95970

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4852
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache /server-info accessible
Apache Tomcat Default Accounts
Apple Safari WebKit Information Disclosure Vulnerability (Windows)
Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Win)
Adobe Reader Information Disclosure & Denial of Service Vulnerabilities (Windows)

Take action and discover your vulnerabilities