exploits , vulnerabilities , articles , SecureCRT SSH1 Identifier String Buffer Overflow Vulnerability

Title	SecureCRT SSH1 Identifier String Buffer Overflow Vulnerability
Published	2002-07-23-12:00AM
Updated	2002-07-29-06:46PM
Class	Boundary Condition Error
CVE	CVE-2002-1059
Remote	Yes
Local	No
Credit	Discovery of this issue is credited to Kyuzo <ogl@SirDrinkalot.rm-f.net>.
Vulnerable	Van Dyke Technologies SecureCRT 4.0 beta 2 Van Dyke Technologies SecureCRT 4.0 beta 1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows XP Home Microsoft Windows XP Professional Van Dyke Technologies SecureCRT 3.4.5 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows XP Home Microsoft Windows XP Professional Van Dyke Technologies SecureCRT 3.4.4 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows XP Home Microsoft Windows XP Professional Van Dyke Technologies SecureCRT 3.4.3 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows XP Home Microsoft Windows XP Professional Van Dyke Technologies SecureCRT 3.4.2 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows XP Home Microsoft Windows XP Professional Van Dyke Technologies SecureCRT 3.4.1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows XP Home Microsoft Windows XP Professional Van Dyke Technologies SecureCRT 3.4 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows XP Home Microsoft Windows XP Professional Van Dyke Technologies SecureCRT 3.3.3 Van Dyke Technologies SecureCRT 3.3.2 Van Dyke Technologies SecureCRT 3.3.1 Van Dyke Technologies SecureCRT 3.3 Van Dyke Technologies SecureCRT 3.2.1 Van Dyke Technologies SecureCRT 3.2 Van Dyke Technologies SecureCRT 3.1.2 Van Dyke Technologies SecureCRT 3.1.1 Van Dyke Technologies SecureCRT 3.1 Van Dyke Technologies SecureCRT 3.0 Van Dyke Technologies SecureCRT 2.4
Not Vulnerable	Van Dyke Technologies SecureCRT 4.0 beta 3 Van Dyke Technologies SecureCRT 3.4.6 Van Dyke Technologies SecureCRT 3.3.4 Van Dyke Technologies SecureCRT 3.2.2
Code	Exploit code has been developed by "Andrea Lisci" <andrea.lisci@fst.it>. A proof-of-concept program to demonstrate the overflow condition was submitted by Kyuzo <ogl@SirDrinkalot.rm-f.net>. CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild. /data/vulnerabilities/exploits/securecrtpoc.c /data/vulnerabilities/exploits/securecrt-exp.c
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
• 2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
• 2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
• 2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
• 2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
• 2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities
• 2009-12-17 WP-Forum WordPress Plugin Multiple SQL Injection Vulnerabilities
• 2009-12-17 Quick Heal AntiVirus Insecure Program File Permissions Local Privilege Escalation Vulnerability
• 2009-12-17 IntelliCom NetBiter webSCADA Multiple Default Password Security Bypass Vulnerabilities
• 2009-12-17 Webmatic Multiple Unspecified SQL Injection and Cross-Site Scripting Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 02:47:12 +0000