CVE-2008-0132

Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.


#######################################################################

                             Luigi Auriemma

Application:  Pragma FortressSSH
              http://www.pragmasys.com/FortressSSHServer.asp
Versions:     <= 5.0 Build 4 Revision 293
Platforms:    Windows (note that the effect may not be reproducible on
              Windows Server, since it depends on how errors are handled)
Bug:          Denial of Service
Exploitation: remote
Date:         02 Jan 2008
Author:       Luigi Auriemma
              e-mail: [email protected]
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

Pragma FortressSSH is a commercial SSH server for Windows.

#######################################################################

======
2) Bug
======

The server, which starts a sshd.exe process for each incoming
connection, uses the secure *_s functions of msvcrt to work on the
incoming strings.

This approach avoids buffer-overflow vulnerabilities, but the process
terminates and shows an error message if an exception occurs.

One example is a list of keys longer than 4096, which raises the
exception in vsprintf_s while the formatted string is being built;
another example is a long username.

Although the termination of a single process doesn't affect the others,
access to the server can be denied by terminating at least 75 of these
processes, after which the server is unreachable (all SSH connections
established before the last exception remain up).

This effect ends gradually as the admin clicks on the error messages
(for example, closing the first dialog box makes one new connection to
the server possible), but naturally the attacker can continue the
attack, keeping the server permanently unreachable.

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/pragmassh.zip

#######################################################################

======
4) Fix
======

No fix

#######################################################################
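
The advisory lists no fix. The C code below is an added example, not part of the advisory or of Pragma's code: it treats oversized input as a recoverable error, so the connection is dropped and its slot released without waiting on an operator. The function names and the slot counter are hypothetical, and reading 4096 as the buffer size is an assumption; 75 is the process count given in the advisory.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_CAP   4096  /* assumed buffer size, from the advisory's "longer than 4096" */
#define MAX_SLOTS 75    /* process count at which the advisory says the server is unreachable */

static int slots_in_use = 0;            /* hypothetical connection-slot counter */

/* Format into dst. Returns 0 on success, -1 if the result does not fit.
   The caller decides what to do; nothing here aborts or prompts. */
static int format_bounded(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0) dst[0] = '\0';     /* never hand back a truncated string */
        return -1;
    }
    return 0;
}

int slots_busy(void) { return slots_in_use; }

/* Hypothetical per-connection handler. Returns 0 when the input was
   processed, -1 when it was rejected. The slot is released on every path. */
int handle_connection(const char *username, const char *key_list)
{
    char msg[MSG_CAP];
    if (slots_in_use >= MAX_SLOTS) return -1;
    slots_in_use++;
    int rc = format_bounded(msg, sizeof msg, "user=%s keys=%s", username, key_list);
    if (rc != 0) fprintf(stderr, "oversized input rejected, closing connection\n");
    slots_in_use--;                     /* no wait on an operator before cleanup */
    return rc;
}

int main(void)
{
    static char big[5001];              /* constructed oversized key list */
    memset(big, 'A', sizeof big - 1);
    for (int i = 0; i < 200; i++) handle_connection("alice", big);
    printf("slots busy after 200 oversized connections: %d\n", slots_busy());
    return handle_connection("alice", "ssh-rsa,ssh-dss");
}
```

On MSVC the same effect is reached by installing a non-interactive handler with `_set_invalid_parameter_handler`, or by calling `_vsnprintf_s` with `_TRUNCATE` and checking its return value.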
