Vulnerability category: Local
Vulnerability severity:
Vulnerability information
The SecureCRT client provides terminal emulation with strong encryption, a broad range of authentication options, and data integrity for the SSH protocol, which is used for secure network administration and end-user access.
SecureFX provides the strong encryption and authentication required to secure your data in transit. SecureFX supports protocols such as SFTP, FTP over TLS, and SCP.
SecureCRT and SecureFX are vulnerable to a buffer overflow attack which allows remote attackers to execute arbitrary code.
Affected Version:
SecureCRT version 5.0.4 and earlier
SecureFX version 3.0.4 and earlier
QID Detection Logic (authenticated):
The QID checks for the vulnerable version of SecureCRT.exe. The location of the file is determined from the registry key "HKLM\SOFTWARE\VanDyke\SecureCRT\Install", value "Main Directory".
The QID checks for the vulnerable version of SecureFX.exe. The location of the file is determined from the registry key "HKLM\SOFTWARE\VanDyke\SecureFX\Install", value "Main Directory".
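The same check can be run by hand when auditing a host. The script below is an added example, not the scanner's own code: it reads the "Main Directory" value for each product, locates the executable, and compares its version with the affected versions listed above. It assumes that the executable's product version resource carries the release number, and it also looks under WOW6432Node, where 32-bit installs register on 64-bit Windows.

```powershell
# Added example: local audit modelled on the detection logic described above.
# Assumption: ProductMajor.Minor.Build in the file's version resource equals the
# release number (e.g. 5.0.4). Verify against Help > About on one known host.
$products = @(
    @{ Name = 'SecureCRT'; Exe = 'SecureCRT.exe'; LastVulnerable = [version]'5.0.4' },
    @{ Name = 'SecureFX';  Exe = 'SecureFX.exe';  LastVulnerable = [version]'3.0.4' }
)
# Native view plus the 32-bit redirected view (assumption: either may be present).
$hives = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

$results = foreach ($p in $products) {
    foreach ($hive in $hives) {
        $key  = Join-Path $hive "VanDyke\$($p.Name)\Install"
        $prop = Get-ItemProperty -Path $key -Name 'Main Directory' -ErrorAction SilentlyContinue
        if (-not $prop) { continue }                      # product not registered in this view

        $exe = Join-Path $prop.'Main Directory' $p.Exe
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            # Stale registry entry: report it instead of silently passing the host.
            [pscustomobject]@{ Product = $p.Name; Path = $exe; Version = $null; Status = 'BinaryMissing' }
            continue
        }

        $vi  = (Get-Item -LiteralPath $exe).VersionInfo
        $ver = New-Object System.Version -ArgumentList $vi.ProductMajorPart, $vi.ProductMinorPart, $vi.ProductBuildPart
        $status = if ($ver -le $p.LastVulnerable) { 'Vulnerable' } else { 'NotAffected' }
        [pscustomobject]@{ Product = $p.Name; Path = $exe; Version = $ver; Status = $status }
    }
}

if ($results) { $results | Format-Table -AutoSize }
else          { 'No SecureCRT or SecureFX install registered under HKLM.' }
```

A per-user or portable copy that never wrote the HKLM key is invisible to this check, just as it would be to any registry-based lookup.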
Vulnerability impact
Successful exploitation of the vulnerability allows a remote attacker to execute arbitrary code on the system.
Solution
Customers are advised to refer to 19040 for information pertaining to remediating this vulnerability.
Workaround:
Patch:
Following are links for downloading patches to fix the vulnerabilities: