FreeSSHD Key Exchange Buffer Overflow Network Vulnerability

Summary

A vulnerable version of FreeSSHd is installed on the remote host. Description : The version installed does not validate key exchange strings send by a SSH client. This results in a buffer overflow and possible a compromise of the host if the client is sending a long key exchange string.

Solution

Upgrade to the latest release. See second url in the 'See also' section. Note : At this point the FreeSSHD Service is reported down. You should start it manualy again.

References

http://secunia.com/advisories/19846
http://www.freesshd.com/?ctt=download

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-2407
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Format string on URI
dwhttpd format string
mod_ssl hook functions format string vulnerability
Delegate Multiple Overflows
Cherokee remote command execution

Take action and discover your vulnerabilities