TITLE: WRQ Reflection Secure IT SFTP Format String Vulnerability
SECUNIA ADVISORY ID: SA18843
VERIFY ADVISORY: http://secunia.com/advisories/18843/
CRITICAL: Moderately critical
IMPACT: System access
WHERE: >From remote
SOFTWARE: WRQ Reflection for Secure IT UNIX Server 6.x http://secunia.com/product/8068/ F-Secure SSH for Windows 5.x http://secunia.com/product/188/ F-Secure SSH for UNIX 5.x http://secunia.com/product/8069/ F-Secure SSH for UNIX 4.x http://secunia.com/product/8076/ F-Secure SSH for UNIX 3.x http://secunia.com/product/2290/ WRQ Reflection for Secure IT Windows Server 6.x http://secunia.com/product/5642/
DESCRIPTION: A vulnerability has been reported in Reflection Secure IT, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to a format string error in the SFTP component during logging of accessed file names. This can potentially be exploited to execute arbitrary code via a file with specially crafted file name.
Successful exploitation requires that a user is authenticated to the SFTP service.
SOLUTION: Update to a fixed version.
-- Windows Server --
Reflection for Secure IT Windows Server: Update to version 6.0 build 38.
F-Secure SSH Server for Windows: Update to version 5.3 build 35.
-- UNIX Server --
Reflection for Secure IT UNIX Server: Update to version 126.96.36.199.
F-Secure SSH Server for UNIX: Update to version 5.0.8.
PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
ORIGINAL ADVISORY: WRQ: http://support.wrq.com/techdocs/1882.html
OTHER REFERENCES: US-CERT VU#419241: http://www.kb.cert.org/vuls/id/419241
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.