QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2006-0705

Back to search

CVE-2006-0705

Published: Feb 15, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.

VendorProductVersions

n/a

n/a

affected
n/a

References

1015619
vdb-entry
x_refsource_SECTRACK
24516
third-party-advisory
x_refsource_SECUNIA
29552
third-party-advisory
x_refsource_SECUNIA
sftp-logging-format-string(24651)
vdb-entry
x_refsource_XF
VU#419241
third-party-advisory
x_refsource_CERT-VN
HPSBTU02322
vendor-advisory
x_refsource_HP
18828
third-party-advisory
x_refsource_SECUNIA
GLSA-200703-13
vendor-advisory
x_refsource_GENTOO
ADV-2006-0555
vdb-entry
x_refsource_VUPEN
ADV-2006-0554
vdb-entry
x_refsource_VUPEN
16625
vdb-entry
x_refsource_BID
ADV-2008-1008
vdb-entry
x_refsource_VUPEN
16640
vdb-entry
x_refsource_BID
SSRT080011
vendor-advisory
x_refsource_HP
18843
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now