| Short Name | SSH:OVERFLOW:FREESSHD-KEY-OF |
|---|---|
| Severity | High |
| Recommended | No |
| Recommended Action | Drop |
| Category | SSH |
| Keywords | FreeSSHd Key Exchange Algorithm String Buffer Overflow |
| Release Date | 2006/05/17 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects attempts to exploit a known vulnerability in the FreeSSHd service. By sending a maliciously crafted SSH key exchange designed to trigger a buffer overflow, an attacker can execute arbitrary code with SYSTEM privileges on the server.
Multiple SSH server implementations are prone to a remote buffer-overflow vulnerability. The applications fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. A successful attack may facilitate arbitrary code execution. Exploiting this vulnerability may allow an attacker to gain administrative access on targeted computers.