Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

FreeBSD Ports: ssh2, ssh2-nox11

Information

Severity

Severity

Medium

Family

Family

FreeBSD Local Security Checks

CVSSv2 Base

CVSSv2 Base

6.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

14 years ago

Modified

Modified

6 years ago

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Insight

Insight

The following packages are affected: ssh2 ssh2-nox11 CVE-2006-0705 Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.

Solution

Solution

Update your system with the appropriate patches or software upgrades. http://www.ssh.com/company/newsroom/article/715/ http://www.frsirt.com/english/advisories/2006/0554 http://securitytracker.com/id?1015619 http://secunia.com/advisories/18828 http://xforce.iss.net/xforce/xfdb/24651 http://www.vuxml.org/freebsd/594ad3c5-a39b-11da-926c-0800209adf0e.html

Common Vulnerabilities and Exposures (CVE)