freeSSHd Key Exchange Algorithm String Remote Overflow
High Nessus Plugin ID 21580
SynopsisThe remote SSH server is prone to a buffer overflow attack.
DescriptionThe remote host is using freeSSHd, a free SSH server for Windows.
The version of freeSSHd installed on the remote host does not validate the key exchange strings sent by a SSH client. This can result in a buffer overflow and possibly a compromise of the host if an unauthenticated attacker sends a long key exchange string.
SolutionUpgrade to FreeSSHd version 1.0.10 or later.