{ "id": "CVE-2006-0705", "sourceIdentifier": "cve@mitre.org", "published": "2006-02-15T11:06:00.000", "lastModified": "2017-07-20T01:29:59.800", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.5 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-134" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:attachmatewrq:reflection_for_secure_it_server:6.0:*:unix:*:*:*:*:*", "matchCriteriaId": "9D773D86-26DA-4483-A16E-005232B9DF18" }, { "vulnerable": true, "criteria": "cpe:2.3:a:attachmatewrq:reflection_for_secure_it_server:6.0:*:win:*:*:*:*:*", "matchCriteriaId": "007F8B68-5E11-4FC8-9D18-719DF0A1F904" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "828E1D3E-C888-4E28-8676-E1D6298BD339" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D379AB4-74F4-4E03-967B-57F34697941F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.1:*:unix:*:*:*:*:*", "matchCriteriaId": "37D85A8A-3A63-45D2-A8FF-8C7E418232FD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E965836B-EA89-4BA9-8D4A-562F8C6C3632" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0FE6E187-92F4-4940-BCB2-D5666D8776D9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC639035-D459-4964-AE75-478BC6CD0AFA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7CB5E609-2C26-4A02-A7C9-2C4648595321" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "72EB2B8C-9A8E-4132-B063-C68F85C337FC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "99906561-4B53-4761-BE99-9A061E088EAD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "37F8096D-CAAA-4C97-A6D7-4417E687536C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8F92DCFF-1403-44D5-9ED3-EA6EB3B4E9E3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "808266FA-E939-4975-A0A3-280E7244C528" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.1.0:*:unix:*:*:*:*:*", "matchCriteriaId": "609AAA1C-8C26-4337-B34F-0DB51450FEC5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.1.0_build9:*:*:*:*:*:*:*", "matchCriteriaId": "671E1719-E51E-442A-ADCA-2FB1998D1D94" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.2.0:*:unix:*:*:*:*:*", "matchCriteriaId": "ECCBEC85-7431-413A-9CCE-0209E255847D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.2.3:*:unix:*:*:*:*:*", "matchCriteriaId": "A554C5FE-DBB1-40FD-BF11-9857B48CF409" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9396490-9409-461D-8102-3243EDB80434" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:5.1:*:win:*:*:*:*:*", "matchCriteriaId": "96F807C2-CF24-4686-BC45-C43A767A180D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:5.2:*:win:*:*:*:*:*", "matchCriteriaId": "39842C81-82F2-40A4-9271-5CFC75F6F51E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:5.3:*:win:*:*:*:*:*", "matchCriteriaId": "CF12909D-0AFA-40B5-A38C-CC9A1DC1F20C" } ] } ] } ], "references": [ { "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2", "source": "cve@mitre.org" }, { "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml", "source": "cve@mitre.org" }, { "url": "http://securitytracker.com/id?1015619", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://support.wrq.com/techdocs/1882.html", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://www.kb.cert.org/vuls/id/419241", "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ] }, { "url": "http://www.securityfocus.com/bid/16625", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://www.securityfocus.com/bid/16640", "source": "cve@mitre.org" }, { "url": "http://www.vupen.com/english/advisories/2006/0554", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.vupen.com/english/advisories/2006/0555", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.vupen.com/english/advisories/2008/1008/references", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651", "source": "cve@mitre.org" } ] }