SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   SSH Vendors:   SSH Communications
SSH Communications SSH Secure Shell Client Buffer Overflow in Processing URLs May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1005704
SecurityTracker URL:  http://securitytracker.com/id/1005704
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 25 2002
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.1 to 3.2.0
Description:   A buffer overflow vulnerability was reported in the SSH Secure Shell Windows client from SSH Communications. A remote user (via an SSH session) could cause arbitrary code to be executed on the target user's system.

It is reported that, in certain circumstances, the URL capturing mechanism of the SSH Secure Shell Windows client may allow a remote user to cause arbitrary code to be executed on a target user's computer. The target user must click on a malicious URL.

A remote user can create a specially crafted URL with ~500 characters. When the target user clicks on this URL, a buffer in the client will overflow and arbitrary code may be executed on the target user's system. Note that the URL must be delivered to the target user via the SSH client and the target user must click on the URL.

Impact:   A remote user may be able to cause arbitrary code to be executed on the target user's system. The code would run with the privileges of the target user.
Solution:   The vendor has issued a fix in SSH Secure Shell Windows client versions 3.1.5 and 3.2.2.

SSH Secure Shell for Workstations 3.2.2
(for customers that have a valid license or non-commercial users)

English Windows Client: ftp://ftp.ssh.com/priv/secureshell/6g3zslpk/windows/

Users with a commercial license for a 3.2.0 product can install the 3.2.2 version binary on top of the old 3.2.0. The vendor states that a valid license.dat file is required for the English Windows client to function in commercial mode (without the license file, the software will function in non-commercial mode, with PKI functionality disabled).

SSH Secure Shell for Workstations 3.1.5
(for customers that have a valid license)

Japanese Windows Client: ftp://ftp.ssh.com/priv/secureshell/h7cq89th/japanese/windows/
German Windows Client: ftp://ftp.ssh.com/priv/secureshell/h7cq89th/deutsch/windows/
French Windows Client: ftp://ftp.ssh.com/priv/secureshell/h7cq89th/francais/windows/
English Windows Client: ftp://ftp.ssh.com/priv/secureshell/h7cq89th/windows/

A valid license.dat file is required separately for each localized version.

Vendor URL:  www.ssh.com/company/newsroom/article/287/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  SSH Windows Client Buffer Overflow


http://www.ssh.com/company/newsroom/article/287/

SSH.com reported a buffer overflow vulnerability in the Secure Shell 3.1 to 3.2.0 Windows
client.

It is reported that, in certain circumstances, the URL capturing mechanism of the SSH
Secure Shell Windows client may allow a remote user to cause arbitrary code to be executed
on a target user's computer.  The target user must click on a malicious URL.

Versions:

* SSH Secure Shell for Workstations 3.1 and 3.1.x (also the localized language versions)
* SSH Secure Shell for Workstations 3.2.0

A remote user can create a specially crafted URL with ~500 characters.  When the target
user clicks on this URL, a buffer in the client will overflow and arbitrary code may be
executed on the target user's system.  Note that the URL must be delivered to the target
user via the SSH client and the target user must click on the URL.

The vendor has issued a fix in SSH Secure Shell Windows client versions 3.1.5 and 3.2.2.

SSH Secure Shell for Workstations 3.2.2 
(for customers that have a valid license or non-commercial users)

English Windows Client:  ftp://ftp.ssh.com/priv/secureshell/6g3zslpk/windows/

Users with a commercial license for a 3.2.0 product can install the 3.2.2 version binary
on top of the old 3.2.0.  The vendor states that a valid license.dat file is required for
the English Windows client to function in commercial mode (without the license file, the
software will function in non-commercial mode, with PKI functionality disabled).

SSH Secure Shell for Workstations 3.1.5
(for customers that have a valid license)

Japanese Windows Client: ftp://ftp.ssh.com/priv/secureshell/h7cq89th/japanese/windows/
German Windows Client:   ftp://ftp.ssh.com/priv/secureshell/h7cq89th/deutsch/windows/
French Windows Client:   ftp://ftp.ssh.com/priv/secureshell/h7cq89th/francais/windows/
English Windows Client:  ftp://ftp.ssh.com/priv/secureshell/h7cq89th/windows/

A valid license.dat file is required separately for each localized version.



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC