CVE-2006-2407
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
98.0%
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| freeftpd | freeftpd | 1.0.10 | cpe:2.3:a:freeftpd:freeftpd:1.0.10:*:*:*:*:*:*:* |
| freesshd | freesshd | 1.0.9 | cpe:2.3:a:freesshd:freesshd:1.0.9:*:*:*:*:*:*:* |
| weonlydo | wodsshserver | 1.2.7 | cpe:2.3:a:weonlydo:wodsshserver:1.2.7:*:*:*:*:*:*:* |
| weonlydo | wodsshserver | 1.3.3_demo | cpe:2.3:a:weonlydo:wodsshserver:1.3.3_demo:*:*:*:*:*:*:* |
References
marc.info/?l=full-disclosure&m=114764338702488&w=2
secunia.com/advisories/19845
secunia.com/advisories/19846
secunia.com/advisories/20136
securityreason.com/securityalert/901
www.kb.cert.org/vuls/id/477960
www.osvdb.org/25463
www.osvdb.org/25569
www.securityfocus.com/archive/1/434007/100/0/threaded
www.securityfocus.com/archive/1/434038/100/0/threaded
www.securityfocus.com/archive/1/434402/100/0/threaded
www.securityfocus.com/archive/1/434415/100/0/threaded
www.securityfocus.com/archive/1/434415/30/4920/threaded
www.securityfocus.com/bid/17958
www.vupen.com/english/advisories/2006/1785
www.vupen.com/english/advisories/2006/1786
www.vupen.com/english/advisories/2006/1842
exchange.xforce.ibmcloud.com/vulnerabilities/26442
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
98.0%