PT-2008-4028 · None · Freesshd

Securfrog · Published 2008-06-06 · Updated 2018-10-11 · CVE-2008-2573

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: freeSSHd version 1.2.1

Description: The issue is a stack-based buffer overflow in the SFTP component of freeSSHd, allowing remote authenticated users to execute arbitrary code. This can be achieved by sending a long directory name in an SSH_FXP_OPENDIR (also known as opendir) command.

Recommendations: For freeSSHd version 1.2.1, consider restricting access to the SFTP component until a patch is available. As a temporary workaround, limit the length of directory names that can be used in SSH_FXP_OPENDIR commands to prevent exploitation.
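The length limit recommended above, sketched as a bounds-checked SSH_FXP_OPENDIR parser. This is an added example, not freeSSHd code: the function names, status codes and the 255-byte MAX_DIR_NAME limit are assumptions, and the packet layout follows the public SFTP drafts.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSH_FXP_OPENDIR 11   /* packet type number from the SFTP drafts */
#define MAX_DIR_NAME 255     /* assumed policy limit, not a value from the advisory */

enum { OPENDIR_OK = 0, OPENDIR_MALFORMED = -1, OPENDIR_TOO_LONG = -2, OPENDIR_OTHER_TYPE = -3 };

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Layout: uint32 length | byte type | uint32 request-id | uint32 path-len | path.
   Every length is checked before any byte is copied into the fixed-size output. */
int parse_opendir(const unsigned char *pkt, size_t n, char *out, size_t out_sz) {
    if (n < 13 || be32(pkt) != n - 4) return OPENDIR_MALFORMED;
    if (pkt[4] != SSH_FXP_OPENDIR) return OPENDIR_OTHER_TYPE;
    uint32_t plen = be32(pkt + 9);
    if (plen > n - 13) return OPENDIR_MALFORMED;   /* claims more bytes than received */
    if (plen > MAX_DIR_NAME || plen >= out_sz) return OPENDIR_TOO_LONG;
    if (memchr(pkt + 13, 0, plen)) return OPENDIR_MALFORMED;   /* embedded NUL */
    memcpy(out, pkt + 13, plen);
    out[plen] = '\0';
    return OPENDIR_OK;
}

/* Constructed test input: an OPENDIR request whose path is path_len 'd' bytes. */
int check_sample(size_t path_len) {
    static unsigned char pkt[13 + 4096];
    char dir[MAX_DIR_NAME + 1];
    if (path_len > 4096) return OPENDIR_MALFORMED;
    put32(pkt, (uint32_t)(9 + path_len));
    pkt[4] = SSH_FXP_OPENDIR;
    put32(pkt + 5, 1);                       /* request-id */
    put32(pkt + 9, (uint32_t)path_len);
    memset(pkt + 13, 'd', path_len);
    return parse_opendir(pkt, 13 + path_len, dir, sizeof dir);
}
```

SFTP packets travel inside the encrypted SSH channel, so a check like this has to run in the server or in a terminating proxy, not in a network filter.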

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2008-2573

Affected Products

Freesshd