CVE-2006-2407

Sažetak

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.

Reference

http://marc.info/?l=full-disclosure&m=114764338702488&w=2
http://secunia.com/advisories/19845
http://secunia.com/advisories/19846
http://secunia.com/advisories/20136
http://securityreason.com/securityalert/901
http://www.kb.cert.org/vuls/id/477960
http://www.osvdb.org/25463
http://www.osvdb.org/25569
http://www.securityfocus.com/archive/1/434007/100/0/threaded
http://www.securityfocus.com/archive/1/434038/100/0/threaded
http://www.securityfocus.com/archive/1/434402/100/0/threaded
http://www.securityfocus.com/archive/1/434415/100/0/threaded
http://www.securityfocus.com/archive/1/434415/30/4920/threaded
http://www.securityfocus.com/bid/17958
http://www.vupen.com/english/advisories/2006/1785
http://www.vupen.com/english/advisories/2006/1786
http://www.vupen.com/english/advisories/2006/1842
https://exchange.xforce.ibmcloud.com/vulnerabilities/26442

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-10-2018 - 16:39

Objavljeno

16-05-2006 - 10:02