Detections
Analytics

CVE-2006-2407

critical

Description

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26442

http://www.vupen.com/english/advisories/2006/1842

http://www.vupen.com/english/advisories/2006/1786

http://www.vupen.com/english/advisories/2006/1785

http://www.securityfocus.com/archive/1/434415/30/4920/threaded

http://www.securityfocus.com/archive/1/434415/100/0/threaded

http://www.securityfocus.com/archive/1/434402/100/0/threaded

http://www.securityfocus.com/archive/1/434038/100/0/threaded

http://www.securityfocus.com/archive/1/434007/100/0/threaded

http://www.osvdb.org/25569

http://www.osvdb.org/25463

http://www.kb.cert.org/vuls/id/477960

http://securityreason.com/securityalert/901

http://secunia.com/advisories/20136

http://secunia.com/advisories/19846

http://secunia.com/advisories/19845

http://marc.info/?l=full-disclosure&m=114764338702488&w=2

Details

Source: Mitre, NVD

Published: 2006-05-16

Updated: 2018-10-18

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical