Sysax Multi Server SSH Component NULL Pointer Dereference DOS Vulnerability Network Vulnerability

Summary

The host is running Sysax Multi Server and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause the application to crash, creating a denial-of-service condition. Impact Level: Application

Solution

Upgrade to Sysax Multi Server 6.11 or later, For updates refer to http://www.sysax.com/server

Insight

The flaw is due to a NULL pointer dereference error within the SSH component when negotiating cipher keys and can be exploited to cause a crash via a specially crafted cipher.

Affected

Sysax Multi Server version 6.10

References

http://packetstormsecurity.com/files/121207
http://secunia.com/advisories/52934
http://www.exploit-db.com/exploits/24940
http://www.mattandreko.com/2013/04/sysax-multi-server-610-ssh-dos.html
http://www.osvdb.org/92081

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

ClamAV 'find_stream_bounds()' PDF File Processing Denial Of Service Vulnerability
ActFax LPD/LPR Server Denial of Service Vulnerability
connect to all open ports
Apple QuickTime Multiple Vulnerabilities - Jun09
Apple QuickTime Multiple Denial Of Service Vulnerabilities (Win)

Take action and discover your vulnerabilities