Executive Summary
Information | | | |
---|---|---|---|
Name | CVE-2006-0705 | First vendor Publication | 2006-02-15 |
Vendor | Cve | Last vendor Modification | 2017-07-20 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | | | |
---|---|---|---|
Cvss Base Score | 6.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0705 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-134 | Uncontrolled Format String (CWE/SANS Top 25) |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200703-13 (net-misc/ssh) File : nvt/glsa_200703_13.nasl |
2008-09-04 | Name : FreeBSD Ports: ssh2, ssh2-nox11 File : nvt/freebsd_ssh2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
23172 | WRQ Reflection Secure IT SFTP Service Filename Logging Format String |
23120 | SSH Tectia Server SFTP Service Filename Logging Format String |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-03-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200703-13.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_594ad3c5a39b11da926c0800209adf0e.nasl - Type : ACT_GATHER_INFO |
2006-02-15 | Name : The remote SSH server may be affected by a format string vulnerability. File : ssh_tectia_server_sftp_format_string.nasl - Type : ACT_GATHER_INFO |
2006-02-14 | Name : The remote SSH server is affected by a format string vulnerability. File : wrq_reflection_sftp_format_string.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:03:42 | |
2021-04-22 01:04:14 | |
2020-05-23 00:17:25 | |
2017-07-20 09:23:21 | |
2016-04-26 14:18:21 | |
2014-02-17 10:34:41 | |
2013-05-11 10:49:24 | |