Vulnerability Note VU#140977

SSH Secure Shell for Workstations contains buffer overflow in URL-handling feature

Overview

The Windows version of SSH Secure Shell for Workstations contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code.

I. Description

The SSH Secure Shell for Workstations client includes a URL-handling feature that allows users to launch URLs that appear in the terminal window. When the user clicks on a URL, it will be launched using their default browser.

Versions 3.1 to 3.2.0 of this application contain a buffer overflow vulnerability that is triggered when the launched URL is approximately 500 characters or greater in length. To exploit this vulnerability, an attacker must supply a malicious URL to a terminal session and convince the victim to launch it.

II. Impact

This vulnerability allows an attacker to execute arbitrary code by convincing an unsuspecting user to click on a malicious URL.

III. Solution

Apply a patch

SSH Communications Security has released a Security Advisory to address this vulnerability. For more information, please see

http://www.ssh.com/company/newsroom/article/287/

Systems Affected

Vendor	Status	Date Notified	Date Updated
SSH Communications Security	Vulnerable	4-Dec-2002

References

http://www.ssh.com/company/newsroom/article/287/
http://ftp.ssh.com/priv/secureshell/6g3zslpk/windows/

Credit

The CERT/CC thanks SSH Communications Security for reporting this vulnerability.

This document was written by Jeffrey P. Lanza.

Other Information

Date Public:	2002-11-25
Date First Published:	2002-12-04
Date Last Updated:	2002-12-13
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	1.60
Document Revision:	16

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader