Sysax Multi Server SSH Component NULL Pointer Dereference DOS Vulnerability Network Vulnerability

Summary

The host is running Sysax Multi Server and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause the application to crash, creating a denial-of-service condition. Impact Level: Application

Solution

Upgrade to Sysax Multi Server 6.11 or later, For updates refer to http://www.sysax.com/server

Insight

The flaw is due to a NULL pointer dereference error within the SSH component when negotiating cipher keys and can be exploited to cause a crash via a specially crafted cipher.

Affected

Sysax Multi Server version 6.10

References

http://packetstormsecurity.com/files/121207
http://secunia.com/advisories/52934
http://www.exploit-db.com/exploits/24940
http://www.mattandreko.com/2013/04/sysax-multi-server-610-ssh-dos.html
http://www.osvdb.org/92081

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Adobe Digital Edition Denial of Service Vulnerability (Mac OS X)
Apple Safari Multiple Vulnerabilities June-09 (Win) - II
Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)
Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Mac OS X)
Easy RM to MP3 Converter Buffer Overflow Vulnerability

Take action and discover your vulnerabilities