CVE-2006-2407

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.
References
Link Resource
http://marc.info/?l=full-disclosure&m=114764338702488&w=2
http://secunia.com/advisories/19845 Patch Vendor Advisory
http://secunia.com/advisories/19846 Vendor Advisory
http://secunia.com/advisories/20136 Vendor Advisory
http://securityreason.com/securityalert/901
http://www.kb.cert.org/vuls/id/477960 US Government Resource
http://www.osvdb.org/25463
http://www.osvdb.org/25569
http://www.securityfocus.com/archive/1/434007/100/0/threaded
http://www.securityfocus.com/archive/1/434038/100/0/threaded
http://www.securityfocus.com/archive/1/434402/100/0/threaded
http://www.securityfocus.com/archive/1/434415/100/0/threaded
http://www.securityfocus.com/archive/1/434415/30/4920/threaded
http://www.securityfocus.com/bid/17958 Exploit
http://www.vupen.com/english/advisories/2006/1785 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1786 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1842 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26442
http://marc.info/?l=full-disclosure&m=114764338702488&w=2
http://secunia.com/advisories/19845 Patch Vendor Advisory
http://secunia.com/advisories/19846 Vendor Advisory
http://secunia.com/advisories/20136 Vendor Advisory
http://securityreason.com/securityalert/901
http://www.kb.cert.org/vuls/id/477960 US Government Resource
http://www.osvdb.org/25463
http://www.osvdb.org/25569
http://www.securityfocus.com/archive/1/434007/100/0/threaded
http://www.securityfocus.com/archive/1/434038/100/0/threaded
http://www.securityfocus.com/archive/1/434402/100/0/threaded
http://www.securityfocus.com/archive/1/434415/100/0/threaded
http://www.securityfocus.com/archive/1/434415/30/4920/threaded
http://www.securityfocus.com/bid/17958 Exploit
http://www.vupen.com/english/advisories/2006/1785 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1786 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1842 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26442
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freeftpd:freeftpd:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:freesshd:freesshd:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:weonlydo:wodsshserver:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:weonlydo:wodsshserver:1.3.3_demo:*:*:*:*:*:*:*

History

21 Nov 2024, 00:11

Type Values Removed Values Added
References () http://marc.info/?l=full-disclosure&m=114764338702488&w=2 - () http://marc.info/?l=full-disclosure&m=114764338702488&w=2 -
References () http://secunia.com/advisories/19845 - Patch, Vendor Advisory () http://secunia.com/advisories/19845 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19846 - Vendor Advisory () http://secunia.com/advisories/19846 - Vendor Advisory
References () http://secunia.com/advisories/20136 - Vendor Advisory () http://secunia.com/advisories/20136 - Vendor Advisory
References () http://securityreason.com/securityalert/901 - () http://securityreason.com/securityalert/901 -
References () http://www.kb.cert.org/vuls/id/477960 - US Government Resource () http://www.kb.cert.org/vuls/id/477960 - US Government Resource
References () http://www.osvdb.org/25463 - () http://www.osvdb.org/25463 -
References () http://www.osvdb.org/25569 - () http://www.osvdb.org/25569 -
References () http://www.securityfocus.com/archive/1/434007/100/0/threaded - () http://www.securityfocus.com/archive/1/434007/100/0/threaded -
References () http://www.securityfocus.com/archive/1/434038/100/0/threaded - () http://www.securityfocus.com/archive/1/434038/100/0/threaded -
References () http://www.securityfocus.com/archive/1/434402/100/0/threaded - () http://www.securityfocus.com/archive/1/434402/100/0/threaded -
References () http://www.securityfocus.com/archive/1/434415/100/0/threaded - () http://www.securityfocus.com/archive/1/434415/100/0/threaded -
References () http://www.securityfocus.com/archive/1/434415/30/4920/threaded - () http://www.securityfocus.com/archive/1/434415/30/4920/threaded -
References () http://www.securityfocus.com/bid/17958 - Exploit () http://www.securityfocus.com/bid/17958 - Exploit
References () http://www.vupen.com/english/advisories/2006/1785 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/1785 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/1786 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/1786 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/1842 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/1842 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/26442 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/26442 -

Information

Published : 2006-05-16 10:02

Updated : 2024-11-21 00:11


NVD link : CVE-2006-2407

Mitre link : CVE-2006-2407

CVE.ORG link : CVE-2006-2407


JSON object : View

Products Affected

freesshd

  • freesshd

freeftpd

  • freeftpd

weonlydo

  • wodsshserver
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer