SSH Secure Shell for Workstations contains buffer overflow in URL-handling feature

2002-12-04T00:00:00
ID VU:140977
Type cert
Reporter CERT
Modified 2002-12-13T23:50:00

Overview

The Windows version of SSH Secure Shell for Workstations contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code.

Description

The SSH Secure Shell for Workstations client includes a URL-handling feature that allows users to launch URLs that appear in the terminal window. When the user clicks on a URL, it will be launched using their default browser.

Versions 3.1 to 3.2.0 of this application contain a buffer overflow vulnerability that is triggered when the launched URL is approximately 500 characters or greater in length. To exploit this vulnerability, an attacker must supply a malicious URL to a terminal session and convince the victim to launch it.
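One way to guard the URL hand-off described above, as an added example that is not part of the original advisory and is not SSH Communications Security's code: a hypothetical `extract_url` helper measures a URL found in terminal text before copying it and rejects an oversized one instead of truncating it. The function name, the status codes and the 256-character `URL_MAX` limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limit, well below the ~500 characters named in the advisory. */
#define URL_MAX 256

enum url_status { URL_OK = 0, URL_NONE = -1, URL_TOO_LONG = -2 };

/* Hypothetical helper: find the first http:// or https:// URL in a line of
 * terminal text and copy it into out (capacity outsz, including the NUL).
 * The length is measured before any copy, and an oversized URL is rejected
 * outright so a shortened URL is never handed to the browser. */
static enum url_status extract_url(const char *line, char *out, size_t outsz)
{
    const char *start = strstr(line, "http://");
    const char *https = strstr(line, "https://");
    size_t len;

    if (outsz == 0)
        return URL_TOO_LONG;
    out[0] = '\0';
    if (https != NULL && (start == NULL || https < start))
        start = https;
    if (start == NULL)
        return URL_NONE;

    /* The URL ends at the first whitespace or control character. */
    for (len = 0; (unsigned char)start[len] > 0x20 && start[len] != 0x7f; len++)
        ;
    if (len >= outsz || len > URL_MAX)
        return URL_TOO_LONG;

    memcpy(out, start, len);
    out[len] = '\0';
    return URL_OK;
}

int main(void)
{
    char url[URL_MAX + 1];
    /* Constructed sample line of terminal output. */
    if (extract_url("see http://example.com/docs now", url, sizeof url) == URL_OK)
        printf("launch: %s\n", url);
    return 0;
}
```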


Impact

This vulnerability allows an attacker to execute arbitrary code by convincing an unsuspecting user to click on a malicious URL.


Solution

Apply a patch

SSH Communications Security has released a Security Advisory to address this vulnerability. For more information, please see

http://www.ssh.com/company/newsroom/article/287/

Vendor Information

SSH Communications Security: Affected

Notified: November 18, 2002 Updated: December 04, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SSH Communications Security has released a Security Advisory to address this vulnerability. For more information, please see

http://www.ssh.com/company/newsroom/article/287/

References

  • <http://www.ssh.com/company/newsroom/article/287/>
  • <http://ftp.ssh.com/priv/secureshell/6g3zslpk/windows/>

Acknowledgements

The CERT/CC thanks SSH Communications Security for reporting this vulnerability.

This document was written by Jeffrey P. Lanza.

Other Information

CVE IDs: | None
---|---
Severity Metric: | 1.60
Date Public: | 2002-11-25
Date First Published: | 2002-12-04
Date Last Updated: | 2002-12-13 23:50 UTC
Document Revision: | 16