← back
CVE-2008-0132

CVE-2008-0132

EPSS 9.0%
Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/30989unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://aluigi.altervista.org/adv/pragmassh-adv.txthttp://aluigi.org/poc/pragmassh.ziphttp://marc.info/?l=bugtraq&m=119947184730448&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/39354http://www.securityfocus.com/bid/27141