Test ID:	1.3.6.1.4.1.25623.1.0.900166
Category:	Denial of Service
Title:	GoodTech SSH Server SFTP Multiple BOF Vulnerabilities
Summary:	GoodTech SSH server is prone to multiple buffer overflow vulnerabilities. The flaws are due to error in SFTP 'open', 'opendir', and 'unlink' commands. This can be exploited by passing overly long string argument.
Description:	Summary: GoodTech SSH server is prone to multiple buffer overflow vulnerabilities. The flaws are due to error in SFTP 'open', 'opendir', and 'unlink' commands. This can be exploited by passing overly long string argument. Vulnerability Impact: Successful exploitation allows execution of arbitrary code, and denial of service. Affected Software/OS: GoodTech SSH Server version 6.4 and prior on Windows (all) Solution: Upgrade to GoodTech SSH Server version 6.5 or later. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4726 BugTraq ID: 31879 http://www.securityfocus.com/bid/31879 Bugtraq: 20081022 GoodTech SSH Remote Buffer Overflow Exploit (Google Search) http://www.securityfocus.com/archive/1/497745/100/0/threaded https://www.exploit-db.com/exploits/6804 http://secunia.com/advisories/32375 http://securityreason.com/securityalert/4498 http://www.vupen.com/english/advisories/2008/2895 XForce ISS Database: sshserver-sftp-bo(46038) https://exchange.xforce.ibmcloud.com/vulnerabilities/46038
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.