Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.

The remote host is affected by the vulnerability described in GLSA-200703-13 (SSH Communications Security's Secure Shell Server: SFTP privilege escalation)

    The SSH Secure Shell Server contains a format string vulnerability in     the SFTP code that handles file transfers (scp2 and sftp2). In some     situations, this code passes the accessed filename to the system log.
    During this operation, an unspecified error could allow uncontrolled     stack access.
  Impact :

    An authenticated system user may be able to exploit this vulnerability     to bypass command restrictions, or run commands as another user.
  Workaround :

    There is no known workaround at this time.

SSH Communications Security Corp reports a format string vulnerability in their SFTP server. This vulnerability could cause a user with SCP/SFTP access only to get permission to execute also other commands.
It could also allow user A to create a special file that when accessed by user B allows user A to execute commands as user B.

The remote host is running SSH Tectia Server, a commercial SSH server.  According to its banner, the installed version of this software contains a format string vulnerability in its SFTP subsystem.  An authenticated remote attacker may be able to execute arbitrary code on the affected host subject to his privileges or crash the server itself.

The remote host is running SSH Tectia Server, a commercial SSH server. 

According to its banner, the installed version of this software contains a format string vulnerability in its sftp subsystem.  A remote, authenticated attacker may be able to execute arbitrary code on the affected host subject to his privileges or crash the server itself.

The remote SSH server is affected by a format string vulnerability.  The remote host is running AttachmateWRQ Reflection for Secure IT Server / F-Secure SSH Server, a commercial SSH server.  According to its banner, the installed version of this software contains a format string vulnerability in its SFTP subsystem.  An remote authenticated attacker may be able to execute arbitrary code on the affected host subject to his privileges or crash the server itself.

The remote host is running AttachmateWRQ Reflection for Secure IT Server / F-Secure SSH Server, a commercial SSH server. 

According to its banner, the installed version of this software contains a format string vulnerability in its sftp subsystem.  A remote, authenticated attacker may be able to execute arbitrary code on the affected host subject to his privileges or crash the server itself.

ID	Name	Product	Family	Severity
24830	GLSA-200703-13 : SSH Communications Security's Secure Shell Server: SFTP privilege escalation	Nessus	Gentoo Local Security Checks	medium
21431	FreeBSD : SSH.COM SFTP server -- format string vulnerability (594ad3c5-a39b-11da-926c-0800209adf0e)	Nessus	FreeBSD Local Security Checks	medium
3432	SSH Tectia Server SFTP Filename Logging Format String	Nessus Network Monitor	SSH	medium
20927	SSH Tectia Server SFTP Filename Logging Format String	Nessus	Misc.	medium
3428	AttachmateWRQ Reflection for Secure IT Server SFTP Format String	Nessus Network Monitor	SSH	medium
20902	AttachmateWRQ Reflection for Secure IT Server SFTP Format String	Nessus	Misc.	medium

Detections

Analytics

CVE-2006-0705

high

Tenable Plugins

medium

medium

medium

medium

medium

medium