Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:8CB0C8E71A5488B3A8B94642843C6474
HistoryMay 17, 2006 - 12:00 a.m.

FreeSSHd key exchange buffer overflow

2006-05-1700:00:00
SAINT Corporation
download.saintcorporation.com
13

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.688

Percentile

98.0%

JSON

Added: 05/17/2006
CVE: CVE-2006-2407
BID: 17958
OSVDB: 25463

Background

freeSSHd is a free SSH server based on WeOnlyDo wodSSHServer.

Problem

wodSSHServer and its derivatives, including freeSSHd, are affected by a buffer overflow vulnerability in the key exchange algorithm. A remote attacker can execute arbitrary commands on the server.

Resolution

Upgrade to wodSSHServer version 1.3.4 or higher or freeSSHd 1.0.10 or higher.

References

<http://secunia.com/advisories/19845&gt;
<http://secunia.com/advisories/19846&gt;

Limitations

Works on FreeSSHd 1.0.9.

Platforms

Windows 2000 SP0
Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 2000 SP4 / Windows 2000
Windows XP SP0
Windows XP SP1
Windows XP SP2 / Windows XP
Windows Server 2003
Windows Server 2003 SP1

Related

saint 3
cert 1
exploitdb 3
openvas 2
metasploit 2
packetstorm 2
cve 1
cvelist 1
nessus 1
nvd 1
prion 1
checkpoint_advisories 1
saint
saint
FreeSSHd key exchange buffer overflow
2006-05-17 00:00:00
FreeSSHd key exchange buffer overflow
2006-05-17 00:00:00
FreeSSHd key exchange buffer overflow
2006-05-17 00:00:00
cert
cert
WeOnlyDo! Software wodSSHServer ActiveX component fails to properly validate key exchange algorithm strings
2006-05-18 00:00:00
exploitdb
exploitdb
freeFTPd 1.0.10 - Key Exchange Algorithm String Buffer Overflow (Metasploit)
2010-05-09 00:00:00
freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)
2010-05-09 00:00:00
freeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow
2006-05-15 00:00:00
openvas
openvas
FreeSSHD Key Exchange Buffer Overflow
2008-08-22 00:00:00
FreeSSHD Key Exchange Buffer Overflow
2008-08-22 00:00:00
metasploit
metasploit
FreeSSHd 1.0.9 Key Exchange Algorithm String Buffer Overflow
2006-10-10 19:33:49
FreeFTPd 1.0.10 Key Exchange Algorithm String Buffer Overflow
2009-12-02 22:31:13
packetstorm
packetstorm
FreeSSHd 1.0.9 Key Exchange Algorithm String Buffer Overflow
2009-11-26 00:00:00
FreeFTPd 1.0.10 Key Exchange Algorithm String Buffer Overflow
2009-11-26 00:00:00
cve
cve
CVE-2006-2407
2006-05-16 10:02:00
cvelist
cvelist
CVE-2006-2407
2006-05-16 10:00:00
nessus
nessus
freeSSHd Key Exchange Algorithm String Remote Overflow
2006-05-22 00:00:00
nvd
nvd
CVE-2006-2407
2006-05-16 10:02:00
prion
prion
Stack overflow
2006-05-16 10:02:00
checkpoint_advisories
checkpoint_advisories
Malformed Key Exchange Init Message (CAN-2006-2407; CAN-2006-2421)
2006-06-18 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.688

Percentile

98.0%

JSON
Related for SAINT:8CB0C8E71A5488B3A8B94642843C6474
saint3cert1exploitdb3openvas2metasploit2packetstorm2cve1cvelist1nessus1nvd1prion1checkpoint_advisories1