CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3340
https://notcve.org/view.php?id=CVE-2009-3340
Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en FreeSSHD v1.2.4 permite a los atacantes remotos causar una denegación de servicio através de vectores desconocidos, como se demostró en cierto módulo en VulnDisco Pack Professional v8.11. NOTA como en 20090917, esta información no tiene información de la acción. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36506 http://www.securitytracker.com/id?1022811 •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 3CVE-2008-6899 – freeSSHd 1.2.1 - 'rename' Remote Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2008-6899
Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command. Múltiple desbordamiento de búfer en freeSSHd v1.2.1 permite a usuarios autenticados remotamente causar una denegación de servicio (caída) y ejecutar código a su elección a través de (1) open, (2) unlink, (3) mkdir, (4) rmdir, o(5) comando stat SFTP. • https://www.exploit-db.com/exploits/8295 http://www.bmgsec.com.au/advisories/freeSSHd-bof.txt http://www.securityfocus.com/archive/1/499486/100/0/threaded http://www.securityfocus.com/bid/32972 https://exchange.xforce.ibmcloud.com/vulnerabilities/52434 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 7%CPEs: 1EXPL: 2CVE-2008-4762 – freeSSHd 1.2.1 - (Authenticated) SFTP 'realpath' Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-4762
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters. Desbordamiento de búfer basado en pila en freeSSHd 1.2.1, permite a usuarios autenticados remotamente provocar una denegación de servicio (caída de servicio) y seguramente la ejecución de código de su elección a través de un argumento largo a los parámetros (1) rename y (2) realpath. • https://www.exploit-db.com/exploits/6812 https://www.exploit-db.com/exploits/6800 http://secunia.com/advisories/32366 http://securityreason.com/securityalert/4515 http://www.securityfocus.com/archive/1/497746/100/0/threaded http://www.securityfocus.com/bid/31872 http://www.securitytracker.com/id?1021096 http://www.vupen.com/english/advisories/2008/2897 https://exchange.xforce.ibmcloud.com/vulnerabilities/46046 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.5EPSS: 8%CPEs: 1EXPL: 3CVE-2008-2573 – freeSSHd 1.2.1 - (Authenticated) Remote Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-2573
Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command. Desbordamiento de búfer basado en pila en SFTP en freeSSHd 1.2.1 permite a usuarios remotos autenticados ejecutar código de su elección a través a un nombre de directorio largo en un comando SSH_FXP_OPENDIR (aka opendir). • https://www.exploit-db.com/exploits/5709 https://www.exploit-db.com/exploits/5751 http://secunia.com/advisories/30498 http://www.securityfocus.com/archive/1/493180/100/0/threaded http://www.securityfocus.com/bid/29453 http://www.securitytracker.com/id?1020212 http://www.vupen.com/english/advisories/2008/1711/references • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 5%CPEs: 1EXPL: 2CVE-2008-0852 – freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-0852
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference. freeSSHd 1.2 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de un paquete SSH2_MSG_NEWKEYS al puerto TCP 22, lo que dispara una referencia a un puntero NULL (nulo). • https://www.exploit-db.com/exploits/31218 http://aluigi.altervista.org/adv/freesshdnull-adv.txt http://secunia.com/advisories/29002 http://www.securityfocus.com/archive/1/488363/100/0/threaded http://www.securityfocus.com/bid/27845 http://www.vupen.com/english/advisories/2008/0591 •