Summary
The host is running the freeSSHd SSH server and is prone to a remote denial-of-service vulnerability.
The flaw consists of NULL pointer dereference errors in the SFTP 'rename' and 'realpath' commands.
These can be exploited by passing an overly long string as an argument to the affected commands.
Impact
Successful exploitation will cause denial of service.
Impact Level: Application
Solution
Upgrade to freeSSHd version 1.2.6 or later.
For updates refer to http://www.freesshd.com/index.php?ctt=download
Affected
freeSSHd version 1.2.1.14 and prior on Windows (all)
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2008-4762
- CVSS Base Score: 9.0
- CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Reader PDF Handling Denial Of Service Vulnerability (Linux)
- Apache APR-Utils XML Parser Denial of Service Vulnerability
- CiscoKits CCNA TFTP Server 'Write' Command Denial Of Service Vulnerability
- FlashGet FTP PWD Response Remote Buffer Overflow Vulnerability
- Colasoft Capsa Malformed SNMP V1 Packet Remote Denial of Service Vulnerability