CVE-2013-10065

A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\x28) in place of the expected SSH protocol delimiter.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb
https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/
https://www.sysax.com/
https://www.vulncheck.com/advisories/sysax-multi-server-sshd-key-exchange-dos
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb
https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/

Configurations

No configuration.

History

07 Aug 2025, 16:15

Type	Values Removed	Values Added
References	~~() https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb -~~	() https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb -
References	~~() https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/ -~~	() https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/ -
Summary		(es) Existe una vulnerabilidad de denegación de servicio en Sysax Multi-Server versión 6.10 a través de su demonio SSH. Un paquete de intercambio de claves SSH especialmente manipulado puede provocar un fallo en el servicio, lo que resulta en una pérdida de disponibilidad. La falla se activa durante el procesamiento de datos de intercambio de claves malformados, incluyendo un byte no estándar (\x28) en lugar del delimitador de protocolo SSH esperado.

05 Aug 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-05 20:15

Updated : 2025-08-07 16:15

NVD link : CVE-2013-10065

Mitre link : CVE-2013-10065

CVE.ORG link : CVE-2013-10065

JSON object : View

Products Affected

No product.

CWE

CWE-248

Uncaught Exception

{"id": "CVE-2013-10065", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-05T20:15:35.087", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.sysax.com/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/sysax-multi-server-sshd-key-exchange-dos", "source": "disclosure@vulncheck.com"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability exists in\u00a0Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\\x28) in place of the expected SSH protocol delimiter."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en Sysax Multi-Server versi\u00f3n 6.10 a trav\u00e9s de su demonio SSH. Un paquete de intercambio de claves SSH especialmente manipulado puede provocar un fallo en el servicio, lo que resulta en una p\u00e9rdida de disponibilidad. La falla se activa durante el procesamiento de datos de intercambio de claves malformados, incluyendo un byte no est\u00e1ndar (\\x28) en lugar del delimitador de protocolo SSH esperado."}], "lastModified": "2025-08-07T16:15:29.483", "sourceIdentifier": "disclosure@vulncheck.com"}