|
Family: Gain root remotely --> Category: denial
freeSSHd Key Exchange Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary Checks for a buffer overflow in freeSSHd
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote SSH server is prone to a buffer overflow vulnerability.
Description :
The remote host is using freeSSHd, a free SSH server for Windows.
The version of freeSSHd installed on the remote host does not validate
the key exchange strings sent by a SSH client. This can result in a
buffer overflow and possibly a compromise of the host if an
unauthenticated attacker sends a long key exchange string.
See also :
http://secunia.com/advisories/19846
http://freesshd.com/?ctt=download
Solution :
Upgrade to FreeSSHd version 1.0.10 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|