GoodTech SSH Server SFTP Multiple BOF Vulnerabilities Network Vulnerability

Summary

The host is running GoodTech SSH server and is prone to multiple buffer overflow vulnerabilities. The flaws are due to error in SFTP 'open', 'opendir', and 'unlink' commands. This can be exploited by passing overly long string argument.

Impact

Successful exploitation allows execution of arbitrary code, and denial of service. Impact Level: Application

Solution

Upgrade to GoodTech SSH Server version 6.5 or later. For updates refer to http://www.goodtechsys.com/sshdnt2000.asp

Affected

GoodTech SSH Server version 6.4 and prior on Windows (all)

References

http://secunia.com/advisories/32375/
http://www.frsirt.com/english/advisories/2008/2895

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-4726
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

ClamAV Multiple Vulnerabilities (Linux)
Adersoft VbsEdit '.vbs' File Denial Of Service Vulnerability
Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Linux)
Avaya IP Office Manager TFTP Denial of Service Vulnerability
Epson EventManager 'x-protocol-version' Denial of Service Vulnerability

Take action and discover your vulnerabilities