Multiple Vendor SSH Server Remote Buffer Overflow Vulnerability
BID:17958
CVE-2006-2407 |Info
Multiple Vendor SSH Server Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 17958 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 12 2006 12:00AM |
| Updated: | May 23 2006 10:13PM |
| Credit: | Gerry Eisenhaur discovered this issue. |
| Vulnerable: |
WeOnlyDo! wodSSHServer 1.3.3 DEMO WeOnlyDo! wodSSHServer 1.2.7 freeSSHd freeSSHd 1.0.9 freeFTPd freeFTPd 1.0.10 freeFTPd freeFTPd 1.0.9 freeFTPd freeFTPd 1.0.8 freeFTPd freeFTPd 1.0.7 freeFTPd freeFTPd 1.0.6 freeFTPd freeFTPd 1.0.5 freeFTPd freeFTPd 1.0.4 freeFTPd freeFTPd 1.0.3 freeFTPd freeFTPd 1.0.2 freeFTPd freeFTPd 1.0.1 freeFTPd freeFTPd 1.0 |
| Not Vulnerable: |
freeFTPd freeFTPd 1.0.11 |
Discussion
Multiple Vendor SSH Server Remote Buffer Overflow Vulnerability
Multiple SSH server implementations are prone to a remote buffer-overflow vulnerability. The applications fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
A successful attack may facilitate arbitrary code execution. Exploiting this vulnerability may allow an attacker to gain administrative access on targeted computers.
Multiple SSH server implementations are prone to a remote buffer-overflow vulnerability. The applications fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
A successful attack may facilitate arbitrary code execution. Exploiting this vulnerability may allow an attacker to gain administrative access on targeted computers.
Exploit / POC
Multiple Vendor SSH Server Remote Buffer Overflow Vulnerability
An exploit (2680392359-ssh.py) for freeSSHd 1.0.9 is available.
Exploit modules as part of the Metasploit Framework are available:
freesshd_key_exchange.pm
freeftpd_key_exchange.pm
An exploit (2680392359-ssh.py) for freeSSHd 1.0.9 is available.
Exploit modules as part of the Metasploit Framework are available:
freesshd_key_exchange.pm
freeftpd_key_exchange.pm
Solution / Fix
Multiple Vendor SSH Server Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
freeFTPd freeFTPd 1.0
freeFTPd freeFTPd 1.0.1
freeFTPd freeFTPd 1.0.10
freeFTPd freeFTPd 1.0.2
freeFTPd freeFTPd 1.0.3
freeFTPd freeFTPd 1.0.4
freeFTPd freeFTPd 1.0.5
freeFTPd freeFTPd 1.0.6
freeFTPd freeFTPd 1.0.7
freeFTPd freeFTPd 1.0.8
freeFTPd freeFTPd 1.0.9
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
freeFTPd freeFTPd 1.0
-
freeFTPd freeFTPd 1.0.11
http://freeftpd.com/?ctt=download
freeFTPd freeFTPd 1.0.1
-
freeFTPd freeFTPd 1.0.11
http://freeftpd.com/?ctt=download
freeFTPd freeFTPd 1.0.10
-
freeFTPd freeFTPd 1.0.11
http://freeftpd.com/?ctt=download
freeFTPd freeFTPd 1.0.2
-
freeFTPd freeFTPd 1.0.11
http://freeftpd.com/?ctt=download
freeFTPd freeFTPd 1.0.3
-
freeFTPd freeFTPd 1.0.11
http://freeftpd.com/?ctt=download
freeFTPd freeFTPd 1.0.4
-
freeFTPd freeFTPd 1.0.11
http://freeftpd.com/?ctt=download
freeFTPd freeFTPd 1.0.5
-
freeFTPd freeFTPd 1.0.11
http://freeftpd.com/?ctt=download
freeFTPd freeFTPd 1.0.6
-
freeFTPd freeFTPd 1.0.11
http://freeftpd.com/?ctt=download
freeFTPd freeFTPd 1.0.7
-
freeFTPd freeFTPd 1.0.11
http://freeftpd.com/?ctt=download
freeFTPd freeFTPd 1.0.8
-
freeFTPd freeFTPd 1.0.11
http://freeftpd.com/?ctt=download
freeFTPd freeFTPd 1.0.9
-
freeFTPd freeFTPd 1.0.11
http://freeftpd.com/?ctt=download
References
Multiple Vendor SSH Server Remote Buffer Overflow Vulnerability
References:
References:
- Changelog (freeFTPd)
- freeSSHd Home Page (freeSSHd)
- wodSSHServer Product Page (WeOnlyDo!)
- POC exploit for freeSSHd version 1.0.9 (Tauqeer Ahmad