PT-2008-1752 · Georgia Softworks · Georgia Softworks Ssh2 Server

Published: 2008-01-08 · Updated: 2018-10-15 · CVE-2008-0097

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Georgia SoftWorks SSH2 Server (GSW SSHD) versions 7.01.0003 and earlier

Description

The issue allows remote attackers to execute arbitrary code via format string specifiers in the username field. This can be demonstrated by a certain LoginPassword message.

Recommendations

For versions 7.01.0003 and earlier, consider disabling the log function temporarily until a patch is available to prevent exploitation. Restrict access to the log function to minimize the risk of arbitrary code execution. Avoid using format string specifiers in the username field until the issue is resolved.
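
The bug class described above, shown as an added example (not Georgia SoftWorks code and not part of this advisory): a login-failure logger that treats the username strictly as data, plus a check that flags '%' in a username field. It assumes the usual form of this flaw, where the username reaches a printf-family call as the format argument; the function names and log message are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical log helpers; names and message text are assumptions for
 * illustration, not GSW SSHD code.
 *
 * Vulnerable pattern (shown only as a comment): the username is used as
 * the format string, so any '%' in it is interpreted:
 *     snprintf(out, n, username);
 */

/* Hardened form: constant format string, username passed only as data.
 * Returns the number of bytes written, or -1 on truncation or error. */
int log_login_failure(char *out, size_t n, const char *username)
{
    int len = snprintf(out, n, "login failed for user \"%s\"", username);
    return (len < 0 || (size_t)len >= n) ? -1 : len;
}

/* Detection aid: count '%' characters in a username field. "%%" is
 * counted too, so a reviewer sees every occurrence in the field. */
size_t count_format_introducers(const char *username)
{
    size_t hits = 0;
    for (const char *p = username; *p != '\0'; p++)
        if (*p == '%')
            hits++;
    return hits;
}

int main(void)
{
    /* Constructed sample usernames, not taken from any real log. */
    const char *samples[] = { "alice", "%x.%x.%s", "bob%d" };
    char line[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (log_login_failure(line, sizeof line, samples[i]) < 0)
            continue;
        printf("%s  [%% count: %zu]\n", line,
               count_format_introducers(samples[i]));
    }
    return 0;
}
```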

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2008-0097

Affected Products

Georgia Softworks Ssh2 Server