Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2407
Last Modified 07 Mar 2011 12:00:00
Published 16 May 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2407

Summary

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.

Vulnerable Systems

Application

  • freeFTPd 1.0.10

  • FreeSSHd 1.0.9

  • WeOnlyDo wodSSHServer 1.2.7

  • WeOnlyDo wodSSHServer 1.3.3 DEMO


References

CERT-VN - VU#477960

SECUNIA - 19845

XF - freesshd-key-exchange-bo(26442)

VUPEN - ADV-2006-1842

VUPEN - ADV-2006-1786

VUPEN - ADV-2006-1785

BID - 17958

BUGTRAQ - 20060517 Re:POC exploit for freeFTPd 1.0.10

BUGTRAQ - 20060517 BUGTRAQ:20060517 Re:POC exploit for freeFTPd 1.0.10

BUGTRAQ - 20060517 POC exploit for freeFTPd 1.0.10

BUGTRAQ - 20060515 Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9

BUGTRAQ - 20060514 POC exploit for freeSSHd version 1.0.9

OSVDB - 25569

OSVDB - 25463

SREASON - 901

SECUNIA - 20136

SECUNIA - 19846


Last Updated: 27 May 2016 10:42:27