CVE-2006-2421 - Remote Buffer Overflow vulnerability in Pragma FortressSSH SSH_MSG_KEXINIT

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, pragma-systems, nessus

Summary

Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remote attackers to execute arbitrary code via long SSH_MSG_KEXINIT messages, which may cause an overflow when being logged. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part         Description     Count
Application  Pragma_Systems  1

Nessus

NASL family: Misc.
NASL id: FORTRESSSSH_SSH_MSG_KEXINIT_OVERFLOW.NASL
description: The remote host is running FortressSSH, an enterprise-class SSH server for Windows. According to its banner, the installed version of this software reportedly contains a buffer overflow vulnerability involving a boundary error in the logging of contents of
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21589
published: 2006-05-23
reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/21589
title: FortressSSH SSH_MSG_KEXINIT Logging Remote Overflow