FreeSSHd key exchange buffer overflow
Added: 05/17/2006CVE: CVE-2006-2407
BID: 17958
OSVDB: 25463
Background
freeSSHd is a free SSH server based on WeOnlyDo wodSSHServer.Problem
wodSSHServer and its derivatives, including freeSSHd, are affected by a buffer overflow vulnerability in the key exchange algorithm. A remote attacker can execute arbitrary commands on the server.Resolution
Upgrade to wodSSHServer version 1.3.4 or higher or freeSSHd 1.0.10 or higher.References
http://secunia.com/advisories/19845http://secunia.com/advisories/19846
Limitations
Works on FreeSSHd 1.0.9.Platforms
Windows 2000 SP0Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 2000 SP4 / Windows 2000
Windows XP SP0
Windows XP SP1
Windows XP SP2 / Windows XP
Windows Server 2003
Windows Server 2003 SP1
Back to exploit index