| VID | 14045 |
| Severity | 40 |
| Port | 22 |
| Protocol | TCP |
| Class | SSH |
| Detailed Description | The FortressSSH server, according to its banner, has a buffer overflow vulnerability via long SSH_MSG_KEXINIT messages. FortressSSH is an SSH server for Microsoft Windows platforms. FortressSSH version 4.0.7.20 and earlier versions are vulnerable to a stack-based buffer overflow caused by improper bounds checking when logging the contents of SSH_MSG_KEXINIT messages sent by an SSH client. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected host.
* Note: This check relies solely on the banner of the remote SSH server to assess this vulnerability, so the result might be a false positive.
* References: http://www.frsirt.com/english/advisories/2006/1820, http://secunia.com/advisories/20114/
* Platforms Affected: Microsoft Windows (any version); Pragma Systems, Inc. FortressSSH version 4.0.7.20 and earlier versions |
| Recommendation | No upgrade or patch available as of June 2006. Restrict access to trusted IP addresses only. |
| Related URL | CVE-2006-2421 (CVE) |
| Related URL | 17991 (SecurityFocus) |
| Related URL | 26498 (ISS) |