
Test ID: 1.3.6.1.4.1.25623.1.0.200012
Category: Gain a shell remotely
Title: FreeSSHD Key Exchange Buffer Overflow
Summary: A vulnerable version of FreeSSHd is installed on the remote host.
Description:
Summary:
A vulnerable version of FreeSSHd is installed on
the remote host.

Vulnerability Impact:
The installed version does not validate key exchange strings
sent by an SSH client. This results in a buffer overflow and possibly a compromise of the host
if the client sends a long key exchange string.

Note:

At this point the FreeSSHD Service is reported down. You should start it manually again.

Solution:
Upgrade to the latest release.
See the references for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: BugTraq ID: 17958
Common Vulnerability Exposure (CVE) ID: CVE-2006-2407
http://www.securityfocus.com/bid/17958
Bugtraq: 20060514 POC exploit for freeSSHd version 1.0.9
http://www.securityfocus.com/archive/1/434007/100/0/threaded
Bugtraq: 20060515 Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9
http://www.securityfocus.com/archive/1/434038/100/0/threaded
Bugtraq: 20060517 BUGTRAQ:20060517 Re:POC exploit for freeFTPd 1.0.10
http://www.securityfocus.com/archive/1/434415/100/0/threaded
Bugtraq: 20060517 POC exploit for freeFTPd 1.0.10
http://www.securityfocus.com/archive/1/434402/100/0/threaded
Bugtraq: 20060517 Re:POC exploit for freeFTPd 1.0.10
http://www.securityfocus.com/archive/1/434415/30/4920/threaded
CERT/CC vulnerability note: VU#477960
http://www.kb.cert.org/vuls/id/477960
http://marc.info/?l=full-disclosure&m=114764338702488&w=2
http://www.osvdb.org/25463
http://www.osvdb.org/25569
http://secunia.com/advisories/19845
http://secunia.com/advisories/19846
http://secunia.com/advisories/20136
http://securityreason.com/securityalert/901
http://www.vupen.com/english/advisories/2006/1785
http://www.vupen.com/english/advisories/2006/1786
http://www.vupen.com/english/advisories/2006/1842
XForce ISS Database: freesshd-key-exchange-bo(26442)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26442
Copyright: Copyright (C) 2008 Ferdy Riphagen





© 1998-2024 E-Soft Inc. All rights reserved.