Info

Disclosure

May 12, 2006

Discovery

Unknown

Dates

Exploit

May 14, 2006

Solution

Unknown

Description

A remote overflow exists in freeSSHd. The application fails to properly verify key exchange strings send by a SSH client resulting in a stack-based overflow. With a specially crafted key exchange string request, an attacker can cause code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified

Solution

Upgrade to freeSSHd version 1.0.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

freeSSHd

1.0.9

References

Milw0rm: 1787
Exploit Database: 1787
Bugtraq ID: 17958
Secunia Advisory ID: 19846
CVE ID: 2006-2407 (see also: NVD)
Metasploit ID: 25463
ISS X-Force ID: 26442
CERT VU: 477960
VUPEN Advisory: ADV-2006-1786
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0351.html
http://www.securityfocus.com/archive/1/archive/1/434402/100/0/threaded
Vendor URL: http://freesshd.com/
Generic Exploit URL: http://metasploit.com/projects/Framework/modules/exploits/freesshd_key_exchange.pm [ Link is 404 ]
http://www.saintcorporation.com/cgi-bin/exploit_info/freesshd

Credit

Gerry Eisenhaur - -

Direct URL: http://osvdb.org/25463