GoodTech SSH Server SFTP buffer overflow

2008-11-28T00:00:00
ID SAINT:B03455F43BA4B175FC7FC62B6201FBF8
Type saint
Reporter SAINT Corporation
Modified 2008-11-28T00:00:00

Description

Added: 11/28/2008
CVE: CVE-2008-4726
BID: 31879
OSVDB: 49249

Background

GoodTech SSH Server is an SSH Server providing secure remote console, secure file transfer, and secure port forwarding capabilities for Windows platforms.

Problem

Buffer overflow vulnerabilities in GoodTech SSH Server allow remote, authenticated attackers to execute arbitrary commands by sending specially crafted arguments to SFTP commands.

Resolution

Restrict access to trusted users only.

References

<http://secunia.com/advisories/32375/>

Limitations

Exploit works on GoodTech SSH Server 6.4 and requires a valid SSH login and password.

This exploit requires the **sftp** command to be present on the SAINTexploit host.

The PERL module IO::Pty is required to execute this exploit.

Platforms

Windows 2000
Windows Server 2003