SecureCRT SSH1 Protocol Version String Overflow Network Vulnerability

Summary

The remote host is using a vulnerable version of SecureCRT, a SSH/Telnet client built for Microsoft Windows operation systems. It has been reported that SecureCRT contain a remote buffer overflow allowing an SSH server to execute arbitrary command via a specially long SSH1 protocol version string.

Solution

Upgrade to SecureCRT 3.2.2, 3.3.4, 3.4.6, 4.1 or newer

Severity

Classification

CVE CVE-2002-1059

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Webroot SpySweeper Enterprise Check
Yahoo!Messenger is installed
MS Windows Insecure Library Loading Remote Code Execution Vulnerabilities (2269637)
Opera skin zip file buffer overflow vulnerability
Microsoft .NET Framework 'RC4' Information Disclosure Vulnerability (2960358)

SecureCRT SSH1 protocol version string overflow

Take action and discover your vulnerabilities