GoodTech SSH Server SFTP Multiple BOF Vulnerabilities Network Vulnerability

Summary

The host is running GoodTech SSH server and is prone to multiple buffer overflow vulnerabilities. The flaws are due to error in SFTP 'open', 'opendir', and 'unlink' commands. This can be exploited by passing overly long string argument.

Impact

Successful exploitation allows execution of arbitrary code, and denial of service. Impact Level: Application

Solution

Upgrade to GoodTech SSH Server version 6.5 or later. For updates refer to http://www.goodtechsys.com/sshdnt2000.asp

Affected

GoodTech SSH Server version 6.4 and prior on Windows (all)

References

http://secunia.com/advisories/32375/
http://www.frsirt.com/english/advisories/2008/2895

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-4726

CVSS	Base Score: 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Asterisk PBX NULL Pointer Dereference Overflow
AnalogX SimpleServer:WWW DoS
AppSocket DoS
CA Multiple Products 'arclib' Component DoS Vulnerability (Win)
Apache APR-Utils XML Parser Denial of Service Vulnerability

Take action and discover your vulnerabilities