FreeSSHd key exchange buffer overflow

Added: 05/17/2006
CVE: CVE-2006-2407
BID: 17958
OSVDB: 25463

Background

freeSSHd is a free SSH server based on WeOnlyDo wodSSHServer.

Problem

wodSSHServer and its derivatives, including freeSSHd, are affected by a buffer overflow vulnerability in the key exchange algorithm. A remote attacker can execute arbitrary commands on the server.

Resolution

Upgrade to wodSSHServer version 1.3.4 or higher, or to freeSSHd 1.0.10 or higher.

References

http://secunia.com/advisories/19845
http://secunia.com/advisories/19846

Limitations

The exploit works on freeSSHd 1.0.9.

Platforms

Windows 2000 SP0
Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 2000 SP4 / Windows 2000
Windows XP SP0
Windows XP SP1
Windows XP SP2 / Windows XP
Windows Server 2003
Windows Server 2003 SP1
