FortressSSH SSH_MSG_KEXINIT Logging Remote Overflow

high Nessus Plugin ID 21589

Language:

Synopsis

The remote SSH server is affected by a remote buffer overflow issue.

Description

The remote host is running FortressSSH, an enterprise-class SSH server for Windows.

According to its banner, the installed version of this software reportedly contains a buffer overflow vulnerability involving a boundary error in the logging of contents of 'SSH_MSG_KEXINIT' messages. An unauthenticated attacker may be able to leverage this issue to crash the affected application or to execute arbitrary code on the affected host

Solution

Unknown at this time.

Plugin Details

Severity: High

ID: 21589

File Name: fortressssh_ssh_msg_kexinit_overflow.nasl

Version: 1.14

Type: remote

Family: Misc.

Published: 5/23/2006

Updated: 7/11/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/16/2006

Reference Information

CVE: CVE-2006-2421

BID: 17991

Detections

Analytics