AnsweredAssumed Answered

QID 117137 - freeSSHd SSH2 Connection Data Remote Buffer Overflow Vulnerability

Question asked by Stevie Beck on Oct 29, 2013
Latest reply on Oct 29, 2013 by Stevie Beck

Does anyone know how this QID is exactly tested for? (I assume it does just the version check...).

On one of our systems we have freeSSHd running - in a configuration that avoids exploitability by QID 120718 (CVE-2012-6066, i.e. the critical issue of freeSSHd) - We are running the latest version available (freeSSHd 1.2.6).

 

After authenticated scan (on Windows 2008 Server maching) QID 117137 however tells:

a. "freeSSHd versions prior to 1.2.6 are vulnerable."

but...:

b. "%ProgramFiles%\freeSSHd\FreeSSHDService.exe Version is 1.2.6.22 "

Outcomes