SecureCRT SSH-1 Protocol Version String Remote Overflow

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by a buffer
overflow vulnerability.

Description :

The remote host is using a vulnerable version of SecureCRT, an
SSH/Telnet client built for Microsoft Windows operating systems.

It has been reported that SecureCRT contains a remote buffer overflow
that allows an SSH server to execute arbitrary commands via an especially
long SSH1 protocol version string.

Solution :

Upgrade to SecureCRT 3.2.2, 3.3.4, 3.4.6, 4.1 or newer.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:F/RL:W/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 15822

Bugtraq ID: 5287

CVE ID: CVE-2002-1059
