Lucene search

[email protected]CVE-2008-2573

HistoryJun 06, 2008 - 6:32 p.m.

CVE-2008-2573

2008-06-0618:32:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-2573

stack-based buffer overflow

sftp

freesshd 1.2.1

remote code execution

nvd

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.088 Low

EPSS

Percentile

94.6%

JSON

Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.

Affected configurations

NVD

Node

freesshdfreesshdMatch1.2.1

CPENameOperatorVersion
freesshd:freesshdfreesshdeq1.2.1

CPE	Name	Operator	Version
freesshd:freesshd	freesshd	eq	1.2.1

References

secunia.com/advisories/30498

www.securityfocus.com/archive/1/493180/100/0/threaded

www.securityfocus.com/bid/29453

www.securitytracker.com/id?1020212

www.vupen.com/english/advisories/2008/1711/references

www.exploit-db.com/exploits/5709

www.exploit-db.com/exploits/5751

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.088 Low

EPSS

Percentile

94.6%

JSON

Related for CVE-2008-2573

prion1 cvelist1 nvd1