6.5

CVE-2006-0705

Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AttachmatewrqReflection For Secure It Server Version6.0 Editionunix
F-secureF-secure Ssh Server Version3.0.0
F-secureF-secure Ssh Server Version3.0.1
F-secureF-secure Ssh Server Version3.0.1 Editionunix
F-secureF-secure Ssh Server Version3.0.2
F-secureF-secure Ssh Server Version3.0.3
F-secureF-secure Ssh Server Version3.0.4
F-secureF-secure Ssh Server Version3.0.5
F-secureF-secure Ssh Server Version3.0.6
F-secureF-secure Ssh Server Version3.0.7
F-secureF-secure Ssh Server Version3.0.8
F-secureF-secure Ssh Server Version3.0.9
F-secureF-secure Ssh Server Version3.1.0
F-secureF-secure Ssh Server Version3.1.0 Editionunix
F-secureF-secure Ssh Server Version3.1.0_build9
F-secureF-secure Ssh Server Version3.2.0 Editionunix
F-secureF-secure Ssh Server Version3.2.3 Editionunix
F-secureF-secure Ssh Server Version5.0
F-secureF-secure Ssh Server Version5.1 Editionwin
F-secureF-secure Ssh Server Version5.2 Editionwin
F-secureF-secure Ssh Server Version5.3 Editionwin
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.19% 0.951
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://marc.info/?l=bugtraq&m=120654385125315&w=2
http://secunia.com/advisories/18828
Patch
Vendor Advisory
http://secunia.com/advisories/18843
Patch
Vendor Advisory
http://secunia.com/advisories/24516
Vendor Advisory
http://secunia.com/advisories/29552
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200703-13.xml
http://securitytracker.com/id?1015619
Patch
http://support.wrq.com/techdocs/1882.html
Patch
http://www.kb.cert.org/vuls/id/419241
Patch
US Government Resource
http://www.securityfocus.com/bid/16625
Patch
http://www.securityfocus.com/bid/16640
http://www.vupen.com/english/advisories/2006/0554
Vendor Advisory
http://www.vupen.com/english/advisories/2006/0555
Vendor Advisory
http://www.vupen.com/english/advisories/2008/1008/references
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24651