Sysax SSH Username Remote Code Execution

Added: 03/06/2012
BID: 52190
OSVDB: 79689


Sysax Multi Server is a Secure FTP Server and SSH2 Secure Shell Server combined into a single product. It simultaneously supports remote access and file transfer using FTP, FTPS, SFTP, Telnet, and Secure Shell. It also supports web-based file transfer using HTTP and HTTPS.


The flaw is caused by a boundary error in the SSH component when it processes authentication requests. This can be exploited to cause a stack-based buffer overflow via a long username sent to TCP port 22.
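
The missing check, as an added example that is not Sysax code and not part of the original advisory: a C routine that extracts the user name from a decrypted SSH_MSG_USERAUTH_REQUEST payload (RFC 4252 layout) and validates the length field before copying into a fixed buffer. The function names, the `MAX_USERNAME` limit of 64 and the sample packets are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SSH_MSG_USERAUTH_REQUEST 50   /* RFC 4252 message number */
#define MAX_USERNAME 64               /* assumed server policy limit */

/* Copy the user name out of a decrypted SSH_MSG_USERAUTH_REQUEST payload.
 * Only the first field is read; service and method names follow it.
 * Returns 0 on success, -1 if the field is malformed or too long. */
int parse_userauth_username(const uint8_t *p, size_t len,
                            char *out, size_t out_size)
{
    if (len < 5 || p[0] != SSH_MSG_USERAUTH_REQUEST)
        return -1;
    /* SSH "string": uint32 big-endian length, then that many bytes */
    uint32_t ulen = ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) |
                    ((uint32_t)p[3] << 8)  |  (uint32_t)p[4];
    if (ulen > len - 5)                 /* claims more bytes than were received */
        return -1;
    if (ulen == 0 || ulen > MAX_USERNAME || ulen >= out_size)
        return -1;                      /* would not fit the destination */
    if (memchr(p + 5, '\0', ulen))      /* embedded NUL would truncate later */
        return -1;
    memcpy(out, p + 5, ulen);
    out[ulen] = '\0';
    return 0;
}

/* Constructed sample: a request whose user name is `present` bytes of 'a'
 * while the length field claims `declared` bytes. */
int try_username(size_t declared, size_t present)
{
    static uint8_t pkt[4096];
    char user[MAX_USERNAME + 1];
    if (present > sizeof pkt - 5) return -1;
    pkt[0] = SSH_MSG_USERAUTH_REQUEST;
    pkt[1] = (uint8_t)(declared >> 24); pkt[2] = (uint8_t)(declared >> 16);
    pkt[3] = (uint8_t)(declared >> 8);  pkt[4] = (uint8_t)declared;
    memset(pkt + 5, 'a', present);
    return parse_userauth_username(pkt, 5 + present, user, sizeof user);
}

int main(void)
{
    printf("8-byte name:    %d\n", try_username(8, 8));
    printf("2000-byte name: %d\n", try_username(2000, 2000));
    printf("length lie:     %d\n", try_username(2000, 8));
    return 0;
}
```

The parser rejects both an oversized name and a length field that claims more data than the packet carries, so the fixed-size destination is never written past its end.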


Upgrade Sysax Multi Server to version 5.55.



This exploit has been tested against Sysax Multi Server version 5.53 with Sysax local User Account/Windows User Account on Windows XP OEM and SP3 English (DEP OptIn) and Windows 2003 SP2 English (DEP OptIn).

The OpenSSH client must be installed on the SAINTexploit host.


Windows XP
Windows Server 2003
