52 matches found
SecureCRT 4.0 Beta 2 SSH1 - Remote Buffer Overflow (Metasploit)
$Id: securecrtssh1.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
SecureCRT <= 4.0 Beta 2 SSH1 Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ class Metasploit3 'SecureCRT %q This module exploi...
SOL1518 - Multiple SSH1 vulnerabilities - CA-2001-35
CERT Advisory CA-2001-35 revisits several existing exploits for the SSH1 and SSH2 protocols handled by the sshd process. For more information about the vulnerability, refer to the CERT website at the following location: . Workaround If you have BIG-IP or 3-DNS 4.5, you can work around these issue...
SecureCRT SSH1 Buffer Overflow
This module exploits a buffer overflow in SecureCRT 'SecureCRT SSH1 Buffer Overflow', 'Description' = %q This module exploits a buffer overflow in SecureCRT 'MC', 'License' = MSFLICENSE, 'References' = 'CVE', '2002-1059' , 'OSVDB', '4991' , 'BID', '5287' , , 'DefaultOptions' = 'EXITFUNC' =...
SecureCRT SSH1 protocol version string overflow
The remote host is using a vulnerable version of SecureCRT, an SSH/Telnet client built for Microsoft Windows operating systems. It has been reported that SecureCRT contains a remote buffer overflow allowing an SSH server to execute arbitrary commands via an especially long SSH1 protocol version string...
SecureCRT SSH1 protocol version string overflow
The remote host is using a vulnerable version of SecureCRT, an SSH/Telnet client built for Microsoft Windows operating systems. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2001-1470
The CVE-2001-1470 entry describes a vulnerability in the IDEA cipher as implemented by SSH1. The issue is that the final block is not protected against modification, allowing a remote attacker to alter the message and adjust its CRC to match the changes, without detection. The descriptions across...
CVE-2001-1469
The CVE-2001-1469 entry concerns the RC4-based use in SSH1, where remote attackers can modify messages without detection by XOR’ing the original message CRC with the CRC of a mask of the modified bits. Affected component is the RC4 stream cipher implementation within SSH1; impact is partial integ...
CVE-2001-1469
The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified...
CVE-2001-1470
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message...
SecureCRT SSH-1 Protocol Version String Remote Overflow
The remote host is using a vulnerable version of SecureCRT, a SSH/Telnet client built for Microsoft Windows operating systems. It has been reported that SecureCRT contains a remote buffer overflow allowing an SSH server to execute arbitrary commands via an especially long SSH1 protocol version...
SSH1 CRC-32 detect_attack Function Overflow
Binary data 1980.prm...
CVE-2003-0786
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges...
CVE-2003-0786
The CVE-2003-0786 issue affects OpenSSH 3.7.1 and 3.7.1p1 where Privilege Separation being disabled causes the SSH1 PAM challenge/response authentication outcome to not be checked, enabling a remote attacker to potentially escalate privileges. The entry carries a BASE score of 10.0 (HIGH) with ne...
Vandyke Software SecureCRT contains buffer overflow vulnerability in password handling code
Overview SecureCRT is vulnerable to buffer overflow from improper handling of long password input. Description SecureCRT is a terminal emulator and SSH client for Windows. If the SSH1 protocol is used and the user enters a password 300 characters or more in length, SecureCRT will crash, with the...
SecureCRT 2.4/3.x/4.0 - SSH1 Identifier String Buffer Overflow (2)
SecureCRT 2.4/3.x/4.0 - SSH1 Identifier String Buffer Overflow (2) // source: https://www.securityfocus.com/bid/5287/info The SecureCRT client is prone to a buffer-overflow condition when attempting to handle an overly long SSH1 protocol identifier string. Reportedly, an attacker can exploit this iss...
SecureCRT 2.4/3.x/4.0 - SSH1 Identifier String Buffer Overflow (1)
SecureCRT 2.4/3.x/4.0 - SSH1 Identifier String Buffer Overflow (1) // source: https://www.securityfocus.com/bid/5287/info The SecureCRT client is prone to a buffer-overflow condition when attempting to handle an overly long SSH1 protocol identifier string. Reportedly, an attacker can exploit this iss...
SecureCRT 2.4/3.x/4.0 - SSH1 Identifier String Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/5287/info The SecureCRT client is prone to a buffer-overflow condition when attempting to handle an overly long SSH1 protocol identifier string. Reportedly, an attacker can exploit this issue via a malicious server. Exploiting this issue may allow an...
SecureCRT 2.4/3.x/4.0 - SSH1 Identifier String Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/5287/info The SecureCRT client is prone to a buffer-overflow condition when attempting to handle an overly long SSH1 protocol identifier string. Reportedly, an attacker can exploit this issue via a malicious server. Exploiting this issue may allow an...
Weak CRC allows packet injection into SSH sessions encrypted with block ciphers
Overview There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. Description Preconditions: Attacker has a fragment of plaintext and its corresponding ciphertext. Attacker must be able to actively...