| VID |
14043 |
| Severity |
30 |
| Port |
22 |
| Protocol |
TCP |
| Class |
SSH |
| Detailed Description |
The SSH server, according to its banner, has a format string vulnerability in its sftp subsystem. AttachmateWRQ Reflection for Secure IT Server and F-Secure SSH Server is a commercial SSH server. AttachmateWRQ Reflection for Secure IT UNIX Server versions before 6.0.0.9, Reflection for Secure IT Windows Server versions before 6.0 build 38, F-Secure SSH Server for Windows versions before 5.3 build 35, F-Secure SSH Server for UNIX versions 3.0 through 5.0.8, could allow a remote attacker to execute arbitrary code on the system, caused by a format string vulnerability in the SFTP (Secure FTP) logging functionality. If a remote, authenticated attacker could create a malicious file with a specially-crafted file name and persuade an authenticated user to "stat" the file, the attacker could execute arbitrary code on the affected host or crash the server itself.
* Note: This check solely relied on the banner of the remote SSH server to assess this vulnerability, so this might be a false positive.
* References:
http://support.wrq.com/techdocs/1882.html
http://www.kb.cert.org/vuls/id/419241
http://www.frsirt.com/english/advisories/2006/0555
* Platforms Affected:
F-Secure Corporation, F-Secure SSH for UNIX 3.x - 5.x
F-Secure Corporation, F-Secure SSH for Windows 5.x
WRQ, Reflection for Secure IT UNIX 6.0
WRQ, Reflection for Secure IT Windows 6.0
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of your SSH server, available from the AttachmateWRQ Web site at https://download.wrq.com/Login.aspx?ReturnUrl=%2fUpgrades%2fDownloadAgreement.aspx%3fcode%3dRSSW&code=RSSW
For WRQ Reflection for Secure IT Windows Server, upgrade to version 6.0 build 38 or later.
For WRQ Reflection for Secure IT UNIX Server, upgrade to version 6.0.0.9 or later.
For F-Secure SSH Server for Windows, upgrade to version 5.3 build 35 or later.
For F-Secure SSH Server for UNIX, upgrade to version 5.0.8 or later.
As a workaround, disable the sftp subsystem by editing the software's configuration. |
| Related URL |
CVE-2006-0705 (CVE) |
| Related URL |
16625 (SecurityFocus) |
| Related URL |
24651 (ISS) |
|
