CVE-2006-2407

Name of the Vulnerable Software and Affected Versions WeOnlyDo wodSSHServer ActiveX Component versions 1.2.7 through 1.3.3 FreeSSHd version 1.0.9 freeFTPd version 1.0.10

Description The issue allows remote attackers to execute arbitrary code via a long key exchange algorithm string, which is a result of a stack-based buffer overflow. This can be exploited by providing a long string to the key exchange algorithm, leading to potential code execution.

Recommendations For WeOnlyDo wodSSHServer ActiveX Component versions 1.2.7 through 1.3.3, consider restricting the length of the key exchange algorithm string to prevent buffer overflow. For FreeSSHd version 1.0.9, restrict access to the key exchange algorithm to minimize the risk of exploitation. For freeFTPd version 1.0.10, avoid using long key exchange algorithm strings until the issue is resolved.