CVE-2006-2407 – freeFTPd 1.0.10 - Key Exchange Algorithm String Buffer Overflow

https://notcve.org/view.php?id=CVE-2006-2407

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string. Desbordamiento de búfer basado en pila en (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 y 1.3.3 DEMO, como se usa en otros productos incluyendo (2) FreeSSHd 1.0.9 y (3) freeFTPd 1.0.10, permite a atacantes remotos ejecutar código arbitrario a través de una cadena de algoritmo de intercambio de clave larga. • https://www.exploit-db.com/exploits/16462 https://www.exploit-db.com/exploits/16461 https://www.exploit-db.com/exploits/1787 http://marc.info/?l=full-disclosure&m=114764338702488&w=2 http://secunia.com/advisories/19845 http://secunia.com/advisories/19846 http://secunia.com/advisories/20136 http://securityreason.com/securityalert/901 http://www.kb.cert.org/vuls/id/477960 http://www.osvdb.org/25463 http://www.osvdb.org/25569 http://www.securityfocus.com/archive • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •