What is CVE-2006-2407?

CVE-2006-2407 is a vulnerability in N/a. Published 2006-05-16.

Is CVE-2006-2407 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2006-2407

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long k…

EPSS: 0.799 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

19846 (x_refsource_SECUNIA, third-party-advisory)
25569 (x_refsource_OSVDB, vdb-entry)
20060514 POC exploit for freeSSHd version 1.0.9 (mailing-list, x_refsource_BUGTRAQ)
20060517 POC exploit for freeFTPd 1.0.10 (mailing-list, x_refsource_BUGTRAQ)
ADV-2006-1786 (vdb-entry, x_refsource_VUPEN)
901 (x_refsource_SREASON, third-party-advisory)
freesshd-key-exchange-bo(26442) (vdb-entry, x_refsource_XF)
20060517 BUGTRAQ:20060517 Re:POC exploit for freeFTPd 1.0.10 (mailing-list, x_refsource_BUGTRAQ)
19845 (x_refsource_SECUNIA, third-party-advisory)
VU#477960 (x_refsource_CERT-VN, third-party-advisory)

Frequently asked questions

What is CVE-2006-2407?: CVE-2006-2407 is a vulnerability in N/a. Published 2006-05-16.
Is CVE-2006-2407 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.