SecureCRT Exploit Proxy v1.26

Vulnerability exploited: CVE-2002-1059 - BID-5287

Category: Exploits/Client Side

Exploits a vulnerability in the SecureCRT SSH client. The vulnerability is a stack buffer overflow that occurs when the client parses the SSH protocol identifier string returned by the server.

This exploit proxies TCP connections to a remote (or local) SSH server and monitors the SSH version string of connecting clients. Because the exploit must be delivered before the client sends its version string, the module only records the IP address of a vulnerable client the first time it connects. The second time a connection attempt arrives from that IP address, the module attempts to exploit the vulnerability. After that, regardless of whether the exploitation was successful or not, no further exploitation attempts are made against that client.

A successful attack depends on the client user dismissing an error dialog that appears. Because the exploitable condition does not occur until after the user has dismissed this dialog, the exploit cannot be sure when the attack has completed, so it makes 10 attempts to connect at 5 second intervals.
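For the class of bug described above, a client-side parser should bound the identifier line before copying any of it. The following is an added example, not code from SecureCRT or CORE IMPACT; the function and struct names are hypothetical, and the 255-byte limit is the one RFC 4253 section 4.2 sets for the identification string including CR LF.

```c
#include <stddef.h>
#include <string.h>

#define SSH_IDENT_MAX 255   /* RFC 4253 sec. 4.2: max line length incl. CR LF */

struct ssh_ident {                  /* hypothetical result type */
    char proto[16];                 /* e.g. "2.0" or "1.99" */
    char software[SSH_IDENT_MAX];   /* software version plus optional comments */
};

/* Parse one "SSH-protoversion-softwareversion" line from buf (len bytes as
 * received from the peer, not NUL-terminated). Returns 0 on success and a
 * negative code on rejection; nothing is copied until every length is known. */
int parse_ssh_ident(const unsigned char *buf, size_t len, struct ssh_ident *out)
{
    /* Only ever look at the first SSH_IDENT_MAX bytes for the terminator. */
    size_t limit = len < SSH_IDENT_MAX ? len : SSH_IDENT_MAX;
    const unsigned char *nl = memchr(buf, '\n', limit);
    if (nl == NULL)
        return -1;                  /* over-long or unterminated line */

    size_t n = (size_t)(nl - buf);
    if (n > 0 && buf[n - 1] == '\r')
        n--;                        /* strip CR of the CR LF pair */
    if (n < 4 || memcmp(buf, "SSH-", 4) != 0)
        return -2;                  /* not an SSH identification line */
    for (size_t i = 0; i < n; i++)  /* printable US-ASCII only */
        if (buf[i] < 0x20 || buf[i] > 0x7e)
            return -4;

    const unsigned char *ver = buf + 4;
    size_t rest = n - 4;
    const unsigned char *dash = memchr(ver, '-', rest);
    if (dash == NULL)
        return -3;                  /* missing softwareversion field */
    size_t plen = (size_t)(dash - ver);
    size_t slen = rest - plen - 1;
    if (plen == 0 || plen >= sizeof out->proto ||
        slen == 0 || slen >= sizeof out->software)
        return -3;                  /* field empty or too large for its buffer */

    memcpy(out->proto, ver, plen);
    out->proto[plen] = '\0';
    memcpy(out->software, dash + 1, slen);
    out->software[slen] = '\0';
    return 0;
}
```
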

Supported Systems:
    Windows 2000 Professional - sp2 (i386)
    Windows 2000 Server - sp2 (i386)
    Windows 2000 Advanced Server - sp2 (i386)
    SecureCRT v3.4.3 under Microsoft Windows 2000 [Professional, Server, Advanced Server], Service Packs [0, 1, 2]


This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.