MidnightBSD

Advisories for van_dyke_technologies

CVE-2001-0155 HIGH

Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
van_dyke_technologies vshell *
CVE-2001-0156 LOW

VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
van_dyke_technologies vshell 1.0.1
CVE-2001-1466 HIGH

Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
van_dyke_technologies securecrt *
CVE-2002-1059 HIGH

Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
van_dyke_technologies securecrt 3.3.1
van_dyke_technologies securecrt 3.4.1
van_dyke_technologies securecrt 4.0_beta_2
van_dyke_technologies securecrt 3.2.1
van_dyke_technologies securecrt 3.1.1
van_dyke_technologies securecrt 3.2
van_dyke_technologies securecrt 3.0
van_dyke_technologies securecrt 3.1
van_dyke_technologies securecrt 3.4.2
van_dyke_technologies securecrt 3.4.5
van_dyke_technologies securecrt 3.3
van_dyke_technologies securecrt 4.0_beta_1
van_dyke_technologies securecrt 3.1.2
van_dyke_technologies securecrt 3.3.2
van_dyke_technologies securecrt 3.4.3
van_dyke_technologies securecrt 3.4.4
van_dyke_technologies securecrt 2.4
van_dyke_technologies securecrt 3.3.3
van_dyke_technologies securecrt 3.4
CVE-2003-0047 MEDIUM

SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
van_dyke_technologies securecrt 3.4.7
van_dyke_technologies entunnel *
van_dyke_technologies securecrt 4.0.2
van_dyke_technologies securefx 2.0.4
van_dyke_technologies securefx 2.1.2
CVE-2004-1541 HIGH

SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
van_dyke_technologies securecrt 4.1.1
van_dyke_technologies securecrt 4.0.4
van_dyke_technologies securecrt 4.0.5
van_dyke_technologies securecrt 4.0.1
van_dyke_technologies securecrt 4.1.4
van_dyke_technologies securecrt 4.1.5
van_dyke_technologies securecrt 4.1.2
van_dyke_technologies securecrt 4.1
van_dyke_technologies securecrt 4.1.8
van_dyke_technologies securecrt 4.0.3
van_dyke_technologies securecrt 4.1.3
van_dyke_technologies securecrt 4.0.2
van_dyke_technologies securecrt 4.1.6
van_dyke_technologies securecrt 4.1.7
CVE-2006-1038 HIGH

Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
van_dyke_technologies securecrt 5.0.1
van_dyke_technologies securefx 3.0.1
van_dyke_technologies securecrt 5.0
van_dyke_technologies securefx 3.0_beta_1
van_dyke_technologies securecrt 5.0_beta_3
van_dyke_technologies securefx 3.0_beta_6
van_dyke_technologies securefx 3.0_beta_5
van_dyke_technologies securecrt 5.0_beta_5
van_dyke_technologies securecrt 5.0.3
van_dyke_technologies securecrt 5.0_beta_6
van_dyke_technologies securefx 3.0
van_dyke_technologies securecrt 5.0_beta_2
van_dyke_technologies securefx 3.0_beta_7
van_dyke_technologies securefx 3.0.3
van_dyke_technologies securefx 3.0_beta_4
van_dyke_technologies securecrt 5.0.2
van_dyke_technologies securefx 3.0.2
van_dyke_technologies securefx 3.0_beta_2
van_dyke_technologies securefx 3.0_beta_3
van_dyke_technologies securecrt 5.0.4
van_dyke_technologies securefx 3.0.4
van_dyke_technologies securecrt 5.0_beta_4
van_dyke_technologies securecrt 5.0_beta_1