SecureCRT SSH-1 Protocol Version String Remote Overflow

high Nessus Plugin ID 15822

Synopsis

The remote host has an application that is affected by a buffer overflow vulnerability.

Description

The remote host is using a vulnerable version of SecureCRT, a SSH/Telnet client built for Microsoft Windows operating systems.

It has been reported that SecureCRT contains a remote buffer overflow allowing an SSH server to execute arbitrary commands via an especially long SSH1 protocol version string.

Solution

Upgrade to SecureCRT 3.2.2, 3.3.4, 3.4.6, 4.1 or newer

Plugin Details

Severity: High

ID: 15822

File Name: securecrt_remote_overflow.nasl

Version: 1.18

Type: local

Agent: windows

Family: Windows

Published: 11/24/2004

Updated: 7/27/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/23/2002

Exploitable With

Metasploit (SecureCRT SSH1 Buffer Overflow)

Reference Information

CVE: CVE-2002-1059

BID: 5287