6.5

CVE-2006-0705

EPSS 5.37%
Published 15.02.2006 11:06:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.

Affected products Warnungen 0 Metrics 2 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

Attachmatewrq ≫ Reflection For Secure It Server Version6.0 Editionunix

Attachmatewrq ≫ Reflection For Secure It Server Version6.0 Editionwin

F-secure ≫ F-secure Ssh Server Version3.0.0

F-secure ≫ F-secure Ssh Server Version3.0.1

F-secure ≫ F-secure Ssh Server Version3.0.1 Editionunix

F-secure ≫ F-secure Ssh Server Version3.0.2

F-secure ≫ F-secure Ssh Server Version3.0.3

F-secure ≫ F-secure Ssh Server Version3.0.4

F-secure ≫ F-secure Ssh Server Version3.0.5

F-secure ≫ F-secure Ssh Server Version3.0.6

F-secure ≫ F-secure Ssh Server Version3.0.7

F-secure ≫ F-secure Ssh Server Version3.0.8

F-secure ≫ F-secure Ssh Server Version3.0.9

F-secure ≫ F-secure Ssh Server Version3.1.0

F-secure ≫ F-secure Ssh Server Version3.1.0 Editionunix

F-secure ≫ F-secure Ssh Server Version3.1.0_build9

F-secure ≫ F-secure Ssh Server Version3.2.0 Editionunix

F-secure ≫ F-secure Ssh Server Version3.2.3 Editionunix

F-secure ≫ F-secure Ssh Server Version5.0

F-secure ≫ F-secure Ssh Server Version5.1 Editionwin

F-secure ≫ F-secure Ssh Server Version5.2 Editionwin

F-secure ≫ F-secure Ssh Server Version5.3 Editionwin

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.37%	0.891

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://marc.info/?l=bugtraq&m=120654385125315&w=2

http://secunia.com/advisories/18828

Patch

Vendor Advisory

http://secunia.com/advisories/18843

Patch

Vendor Advisory

http://secunia.com/advisories/24516

Vendor Advisory

http://secunia.com/advisories/29552

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200703-13.xml

http://securitytracker.com/id?1015619

Patch

http://support.wrq.com/techdocs/1882.html

Patch

http://www.kb.cert.org/vuls/id/419241

Patch

US Government Resource

http://www.securityfocus.com/bid/16625

Patch

http://www.securityfocus.com/bid/16640

http://www.vupen.com/english/advisories/2006/0554

Vendor Advisory

http://www.vupen.com/english/advisories/2006/0555

Vendor Advisory

http://www.vupen.com/english/advisories/2008/1008/references

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/24651

https://nvd.nist.gov/vuln/detail/CVE-2006-0705

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0705

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0705

EUVD