CVE-2006-2407

Опубликовано: 16 мая 2006

Источник: nvd

CVSS2: 7.5

EPSS Высокий

Описание

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.

Ссылки

http://marc.info/?l=full-disclosure&m=114764338702488&w=2
http://secunia.com/advisories/19845
Patch
Vendor Advisory
http://secunia.com/advisories/19846
Vendor Advisory
http://secunia.com/advisories/20136
Vendor Advisory
http://securityreason.com/securityalert/901
http://www.kb.cert.org/vuls/id/477960
US Government Resource
http://www.osvdb.org/25463
http://www.osvdb.org/25569
http://www.securityfocus.com/archive/1/434007/100/0/threaded
http://www.securityfocus.com/archive/1/434038/100/0/threaded
http://www.securityfocus.com/archive/1/434402/100/0/threaded
http://www.securityfocus.com/archive/1/434415/100/0/threaded
http://www.securityfocus.com/archive/1/434415/30/4920/threaded
http://www.securityfocus.com/bid/17958
Exploit
http://www.vupen.com/english/advisories/2006/1785
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1786
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1842
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26442
http://marc.info/?l=full-disclosure&m=114764338702488&w=2
http://secunia.com/advisories/19845
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:freeftpd:freeftpd:1.0.10:*:*:*:*:*:*:*

cpe:2.3:a:freesshd:freesshd:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:weonlydo:wodsshserver:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:weonlydo:wodsshserver:1.3.3_demo:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.79892

Высокий

7.5 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-j6fw-3hp3-jgcg

github

почти 4 года назад