Summary
The host is running the freeSSHd SSH server and is prone to a remote denial of service vulnerability.
NULL pointer dereference errors exist in the SFTP 'rename' and 'realpath' commands.
These can be exploited by passing an overly long string as an argument to the affected commands.
Impact
Successful exploitation will cause denial of service.
Impact Level: Application
Solution
Upgrade to freeSSHd version 1.2.6 or later.
For updates refer to http://www.freesshd.com/index.php?ctt=download
Affected
freeSSHd version 1.2.1.14 and prior on Windows (all)
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2008-4762
- CVSS Base Score: 9.0
- CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C