ISS X-Force Database: securecrt-securefx-string-bo(25092): SecureCRT and SecureFX unicode string buffer overflow

SecureCRT and SecureFX unicode string buffer overflow

securecrt-securefx-string-bo (25092)

High Risk

Description:

SecureCRT and SecureFX are vulnerable to a buffer overflow. When converting a unicode string to a multi-byte string, a boundary error can occur which under certain conditions can cause a buffer overflow and possibly allow a remote attacker to execute arbitrary code on the system.

Platforms Affected:

VanDyke, SecureCRT 5.0 - 5.0.4
VanDyke, SecureFX 3.0 - 3.0.4

Remedy:

For SecureCRT:
Upgrade to version 5.0.5 available from the SecureCRT Web site. See References.

SecureFX:
Upgrade to version 3.0.5 available from the SecureFX Web site. See References.

Consequences:

Gain Access

References:

VanDyke Software Security Advisory March 3, 2006, SecureCRT� 5.0 and SecureFX� 3.0 at http://www.vandyke.com/support/advisory/2006/03/19040.html.
VanDyke Software Web site, SecureCRT at http://www.vandyke.com/download/securecrt/index.html.
VanDyke Software Web site, SecureFX at http://www.vandyke.com/download/securefx/index.html.
BID-16935: Van Dyke SecureCRT and SecureFX Buffer Overflow Vulnerability
CVE-2006-1038: Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a narrow string.
SA19040: SecureCRT / SecureFX Potential Buffer Overflow Vulnerability
VUPEN/ADV-2006-0806: SecureCRT and SecureFX String Convertion Buffer Overflow Vulnerability

Reported:

Mar 03, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page