Summary
A vulnerable version of FreeSSHd is installed on the remote host.
Description
The installed version does not validate key exchange strings sent by an SSH client. If a client sends a long key exchange string, this results in a buffer overflow and possibly a compromise of the host.
Solution
Upgrade to the latest release.
See the second URL in the 'See also' section.
Note
At this point the FreeSSHd service is reported down.
You should start it again manually.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2006-2407
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P