PT-2009-2368 · None · Freesshd
Published: 2009-08-05 · Updated: 2018-10-11
CVE-2008-6899
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
freeSSHd version 1.2.1
Description:
Buffer overflows in the handling of SFTP commands allow remote authenticated users to cause a denial of service and execute arbitrary code via long SFTP commands, including open, unlink, mkdir, rmdir, or stat commands.
Recommendations:
For freeSSHd version 1.2.1, consider restricting access to SFTP commands or updating to a version that addresses these buffer overflows, if available. As a temporary workaround, restrict the length of input for SFTP commands to prevent exploitation.
Exploit
Fix
Buffer Overflow
Affected Products
Freesshd