CERTVU:477960WeOnlyDo! Software wodSSHServer ActiveX component fails to properly validate key exchange algorithm strings
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.0%
Overview
The WeOnlyDo! Software wodSSHServer ActiveX component fails to properly validate the length of key exchange algorithm strings. This may allow a remote, unauthenticated attacker to execute arbitrary code.
Description
wodSSHServer****ActiveX component
According to the wodSSHServer ActiveX component website:
wodSSHServer is an SSH Server ActiveX component (but also Telnet Server ActiveX as well) that will give you ability to easily add SSH2 (and SFTP) server capabilities to your application, as well as old TELNET server protocol.
The Problem
wodSSHServer does not validate key exchange algorithm strings supplied by a client. If a client sends a specially crafted key exchange algorithm string to a vulnerable wodSSHServer installation, that attacker may be able to trigger the overflow.
Any application that uses the wodSSHServer ActiveX Component may be affected by this vulnerability. Known instances of this are freeSSHd and freeFTPd, but there may be others.
Note that working exploit code for this vulnerability is publicly available.
Impact
A remote attacker may be able to execute arbitrary code on the server using the wodSSHServer ActiveX component. If that server is running with administrative privileges, the attacker could gain complete control of the system.
Solution
Upgrade
This issue is addressed in wodSSHServer ActiveX component version 1.3.4, freeSSHd version 1.0.10, and freeFTPd version 1.0.11.
Vendor Information
477960
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
WeOnlyDo! Software __ Affected
Updated: May 18, 2006
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to http://www.weonlydo.com/index.asp?showform=SSHServer&rnotes=1.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23477960 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://secunia.com/advisories/19846/>
- <http://secunia.com/advisories/19845/>
- http://www.weonlydo.com/index.asp?showform=SSHServer&rnotes=1
- <http://freesshd.com/>
- <http://www.freeftpd.com/>
Acknowledgements
This issue was reported by Gerry Eisenhaur.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2006-2407 |
|---|---|
| Severity Metric: | 32.92 Date Public: |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.0%