WinSCP Integer Overflow Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with WinSCP and is prone to integer overflow vulnerability.

Impact

Successful exploitation will allow attackers to cause heap-based buffer overflows, resulting in a denial of service or potentially allowing the execution of arbitrary code.

Solution

Upgrade to version 5.1.6 or later, For updates refer to http://winscp.net

Insight

Flaw is due to improper validation of message lengths in the getstring() function in sshrsa.c and sshdss.c when handling negative SSH handshake.

Affected

WinSCP version before 5.1.6 on Windows

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/54355
http://winscp.net/eng/docs/history#5.1.6
http://winscp.net/tracker/show_bug.cgi?id=1017
http://www.osvdb.com/95970

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4852

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)
AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)

Take action and discover your vulnerabilities