SecureCRT SSH1 Identifier String Buffer Overflow Vulnerability

SecureCRT SSH1 Identifier String Buffer Overflow Vulnerability

Exploit code has been developed by "Andrea Lisci" <andrea.lisci@fst.it>.

A proof-of-concept program to demonstrate the overflow condition was submitted by Kyuzo <ogl@SirDrinkalot.rm-f.net>.

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

A Metasploit exploit module is available.

/data/vulnerabilities/exploits/securecrt_ssh1.pm
/data/vulnerabilities/exploits/securecrtpoc.c
/data/vulnerabilities/exploits/securecrt-exp.c