PT-2006-3368 · Freeftpd+2
Gerry Eisenhaur · Published 2006-05-16 · Updated 2018-10-18 · CVE-2006-2407
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
WeOnlyDo wodSSHServer ActiveX Component versions 1.2.7 through 1.3.3
FreeSSHd version 1.0.9
freeFTPd version 1.0.10
Description
A stack-based buffer overflow allows remote attackers to execute arbitrary code by supplying a long key exchange algorithm string.
Recommendations
For WeOnlyDo wodSSHServer ActiveX Component versions 1.2.7 through 1.3.3, consider restricting the length of the key exchange algorithm string to prevent buffer overflow.
For FreeSSHd version 1.0.9, restrict access to the key exchange algorithm to minimize the risk of exploitation.
For freeFTPd version 1.0.10, avoid using long key exchange algorithm strings until the issue is resolved.
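The length restriction recommended above, sketched as an added example (not code from the vendor or from this advisory): a parser that validates the key exchange algorithm name-list of an SSH_MSG_KEXINIT payload, laid out as in RFC 4253 section 7.1, before copying it into a fixed-size buffer. The names kex_list_copy, make_sample and KEX_LIST_MAX are assumptions for illustration, and the sample packets are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_KEXINIT 20    /* RFC 4253, section 7.1 */
#define COOKIE_LEN      16
#define KEX_LIST_MAX    1024  /* assumed local policy cap, not from the advisory */
enum { KEX_OK = 0, KEX_SHORT = -1, KEX_TYPE = -2, KEX_TRUNC = -3,
       KEX_TOOLONG = -4, KEX_BADCHAR = -5 };

/* Copy the kex_algorithms name-list out of a KEXINIT payload into out,
 * NUL-terminated. Every length is checked before any byte is copied. */
int kex_list_copy(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_cap)
{
    const size_t hdr = 1 + COOKIE_LEN + 4;  /* type + cookie + uint32 length */
    if (pkt_len < hdr) return KEX_SHORT;
    if (pkt[0] != SSH_MSG_KEXINIT) return KEX_TYPE;
    const uint8_t *p = pkt + 1 + COOKIE_LEN;
    uint32_t n = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];

    if (n > pkt_len - hdr) return KEX_TRUNC;    /* claims more than was sent */
    if (n > KEX_LIST_MAX || n >= out_cap) return KEX_TOOLONG;
    for (uint32_t i = 0; i < n; i++)            /* RFC 4251: no space, control, DEL */
        if (p[4 + i] <= 0x20 || p[4 + i] >= 0x7f) return KEX_BADCHAR;
    memcpy(out, p + 4, n);
    out[n] = '\0';
    return KEX_OK;
}

/* Constructed sample: a KEXINIT prefix whose name-list declares `declared`
 * bytes while `actual` bytes of 'a' are present. Returns the payload size. */
size_t make_sample(uint8_t *buf, uint32_t declared, size_t actual)
{
    memset(buf, 0, 1 + COOKIE_LEN);
    buf[0] = SSH_MSG_KEXINIT;
    buf[17] = (uint8_t)(declared >> 24); buf[18] = (uint8_t)(declared >> 16);
    buf[19] = (uint8_t)(declared >> 8);  buf[20] = (uint8_t)declared;
    memset(buf + 21, 'a', actual);
    return 21 + actual;
}

int main(void)
{
    uint8_t pkt[4096]; char algs[64];
    printf("oversized list -> %d\n",
           kex_list_copy(pkt, make_sample(pkt, 2000, 2000), algs, sizeof algs));
    return 0;
}
```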
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Freesshd
Weonlydo Wodsshserver Activex
Freeftpd