FortressSSH SSH_MSG_KEXINIT Logging Remote Overflow

Nessus Plugin ID 21589 (Severity: High)


The remote SSH server is affected by a remote buffer overflow issue.


The remote host is running FortressSSH, an enterprise-class SSH server for Windows.

According to its banner, the installed version of this software reportedly contains a buffer overflow vulnerability involving a boundary error in the logging of the contents of 'SSH_MSG_KEXINIT' messages. An unauthenticated attacker may be able to leverage this issue to crash the affected application or to execute arbitrary code on the affected host.


Solution: Unknown at this time.

Plugin Details

Severity: High

ID: 21589

File Name: fortressssh_ssh_msg_kexinit_overflow.nasl

Version: $Revision: 1.13 $

Type: remote

Family: Misc.

Published: 2006/05/23

Modified: 2011/03/16

Dependencies: 10267

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2006/05/16

Reference Information

CVE: CVE-2006-2421

BID: 17991

OSVDB: 25535