6.5
CVE-2006-0705
- EPSS 10.19%
- Veröffentlicht 15.02.2006 11:06:00
- Zuletzt bearbeitet 16.06.2026 22:21:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Attachmatewrq ≫ Reflection For Secure It Server Version6.0 Editionunix
Attachmatewrq ≫ Reflection For Secure It Server Version6.0 Editionwin
F-secure ≫ F-secure Ssh Server Version3.0.0
F-secure ≫ F-secure Ssh Server Version3.0.1
F-secure ≫ F-secure Ssh Server Version3.0.1 Editionunix
F-secure ≫ F-secure Ssh Server Version3.0.2
F-secure ≫ F-secure Ssh Server Version3.0.3
F-secure ≫ F-secure Ssh Server Version3.0.4
F-secure ≫ F-secure Ssh Server Version3.0.5
F-secure ≫ F-secure Ssh Server Version3.0.6
F-secure ≫ F-secure Ssh Server Version3.0.7
F-secure ≫ F-secure Ssh Server Version3.0.8
F-secure ≫ F-secure Ssh Server Version3.0.9
F-secure ≫ F-secure Ssh Server Version3.1.0
F-secure ≫ F-secure Ssh Server Version3.1.0 Editionunix
F-secure ≫ F-secure Ssh Server Version3.1.0_build9
F-secure ≫ F-secure Ssh Server Version3.2.0 Editionunix
F-secure ≫ F-secure Ssh Server Version3.2.3 Editionunix
F-secure ≫ F-secure Ssh Server Version5.0
F-secure ≫ F-secure Ssh Server Version5.1 Editionwin
F-secure ≫ F-secure Ssh Server Version5.2 Editionwin
F-secure ≫ F-secure Ssh Server Version5.3 Editionwin
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.19% | 0.951 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
http://marc.info/?l=bugtraq&m=120654385125315&w=2
http://secunia.com/advisories/18828
http://secunia.com/advisories/18843
http://secunia.com/advisories/24516
http://secunia.com/advisories/29552
http://security.gentoo.org/glsa/glsa-200703-13.xml
http://securitytracker.com/id?1015619
http://support.wrq.com/techdocs/1882.html
http://www.kb.cert.org/vuls/id/419241
http://www.securityfocus.com/bid/16625
http://www.securityfocus.com/bid/16640
http://www.vupen.com/english/advisories/2006/0554
http://www.vupen.com/english/advisories/2006/0555
http://www.vupen.com/english/advisories/2008/1008/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/24651