Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities found for f-secure_ssh_server by f-secure

    CVE-2006-0705 (GCVE-0-2006-0705)

    Vulnerability from nvd – Published: 2006-02-15 11:00 – Updated: 2024-08-07 16:41
    VLAI
    Summary
    Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1015619 vdb-entryx_refsource_SECTRACK
    http://support.wrq.com/techdocs/1882.html x_refsource_CONFIRM
    http://secunia.com/advisories/24516 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29552 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/419241 third-party-advisoryx_refsource_CERT-VN
    http://marc.info/?l=bugtraq&m=120654385125315&w=2 vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/18828 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200703-13.xml vendor-advisoryx_refsource_GENTOO
    http://www.vupen.com/english/advisories/2006/0555 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2006/0554 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/16625 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2008/1008… vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/16640 vdb-entryx_refsource_BID
    http://secunia.com/advisories/18843 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2006-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:41:29.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1015619",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015619"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.wrq.com/techdocs/1882.html"
              },
              {
                "name": "24516",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24516"
              },
              {
                "name": "29552",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29552"
              },
              {
                "name": "sftp-logging-format-string(24651)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"
              },
              {
                "name": "VU#419241",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/419241"
              },
              {
                "name": "HPSBTU02322",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=120654385125315\u0026w=2"
              },
              {
                "name": "18828",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18828"
              },
              {
                "name": "GLSA-200703-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml"
              },
              {
                "name": "ADV-2006-0555",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0555"
              },
              {
                "name": "ADV-2006-0554",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0554"
              },
              {
                "name": "16625",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16625"
              },
              {
                "name": "ADV-2008-1008",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1008/references"
              },
              {
                "name": "16640",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16640"
              },
              {
                "name": "SSRT080011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=120654385125315\u0026w=2"
              },
              {
                "name": "18843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18843"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1015619",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015619"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.wrq.com/techdocs/1882.html"
            },
            {
              "name": "24516",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24516"
            },
            {
              "name": "29552",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29552"
            },
            {
              "name": "sftp-logging-format-string(24651)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"
            },
            {
              "name": "VU#419241",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/419241"
            },
            {
              "name": "HPSBTU02322",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=120654385125315\u0026w=2"
            },
            {
              "name": "18828",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18828"
            },
            {
              "name": "GLSA-200703-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml"
            },
            {
              "name": "ADV-2006-0555",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0555"
            },
            {
              "name": "ADV-2006-0554",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0554"
            },
            {
              "name": "16625",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16625"
            },
            {
              "name": "ADV-2008-1008",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1008/references"
            },
            {
              "name": "16640",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16640"
            },
            {
              "name": "SSRT080011",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=120654385125315\u0026w=2"
            },
            {
              "name": "18843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18843"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0705",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1015619",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015619"
                },
                {
                  "name": "http://support.wrq.com/techdocs/1882.html",
                  "refsource": "CONFIRM",
                  "url": "http://support.wrq.com/techdocs/1882.html"
                },
                {
                  "name": "24516",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24516"
                },
                {
                  "name": "29552",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29552"
                },
                {
                  "name": "sftp-logging-format-string(24651)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"
                },
                {
                  "name": "VU#419241",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/419241"
                },
                {
                  "name": "HPSBTU02322",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=120654385125315\u0026w=2"
                },
                {
                  "name": "18828",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18828"
                },
                {
                  "name": "GLSA-200703-13",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml"
                },
                {
                  "name": "ADV-2006-0555",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0555"
                },
                {
                  "name": "ADV-2006-0554",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0554"
                },
                {
                  "name": "16625",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16625"
                },
                {
                  "name": "ADV-2008-1008",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1008/references"
                },
                {
                  "name": "16640",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16640"
                },
                {
                  "name": "SSRT080011",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=120654385125315\u0026w=2"
                },
                {
                  "name": "18843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18843"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0705",
        "datePublished": "2006-02-15T11:00:00.000Z",
        "dateReserved": "2006-02-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:41:29.194Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2771 (GCVE-0-2005-2771)

    Vulnerability from nvd – Published: 2005-09-02 04:00 – Updated: 2024-08-07 22:45
    VLAI
    Summary
    WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1014835 vdb-entryx_refsource_SECTRACK
    http://www.kb.cert.org/vuls/id/758054 third-party-advisoryx_refsource_CERT-VN
    http://support.wrq.com/techdocs/1910.html x_refsource_CONFIRM
    http://secunia.com/advisories/16649/ third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-08-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:45:02.209Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1014835",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014835"
              },
              {
                "name": "VU#758054",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/758054"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.wrq.com/techdocs/1910.html"
              },
              {
                "name": "16649",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16649/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-09-09T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1014835",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014835"
            },
            {
              "name": "VU#758054",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/758054"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.wrq.com/techdocs/1910.html"
            },
            {
              "name": "16649",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16649/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2771",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1014835",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014835"
                },
                {
                  "name": "VU#758054",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/758054"
                },
                {
                  "name": "http://support.wrq.com/techdocs/1910.html",
                  "refsource": "CONFIRM",
                  "url": "http://support.wrq.com/techdocs/1910.html"
                },
                {
                  "name": "16649",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16649/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2771",
        "datePublished": "2005-09-02T04:00:00.000Z",
        "dateReserved": "2005-09-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:45:02.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0705 (GCVE-0-2006-0705)

    Vulnerability from cvelistv5 – Published: 2006-02-15 11:00 – Updated: 2024-08-07 16:41
    VLAI
    Summary
    Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1015619 vdb-entryx_refsource_SECTRACK
    http://support.wrq.com/techdocs/1882.html x_refsource_CONFIRM
    http://secunia.com/advisories/24516 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29552 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/419241 third-party-advisoryx_refsource_CERT-VN
    http://marc.info/?l=bugtraq&m=120654385125315&w=2 vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/18828 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200703-13.xml vendor-advisoryx_refsource_GENTOO
    http://www.vupen.com/english/advisories/2006/0555 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2006/0554 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/16625 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2008/1008… vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/16640 vdb-entryx_refsource_BID
    http://secunia.com/advisories/18843 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2006-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:41:29.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1015619",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015619"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.wrq.com/techdocs/1882.html"
              },
              {
                "name": "24516",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24516"
              },
              {
                "name": "29552",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29552"
              },
              {
                "name": "sftp-logging-format-string(24651)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"
              },
              {
                "name": "VU#419241",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/419241"
              },
              {
                "name": "HPSBTU02322",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=120654385125315\u0026w=2"
              },
              {
                "name": "18828",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18828"
              },
              {
                "name": "GLSA-200703-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml"
              },
              {
                "name": "ADV-2006-0555",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0555"
              },
              {
                "name": "ADV-2006-0554",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0554"
              },
              {
                "name": "16625",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16625"
              },
              {
                "name": "ADV-2008-1008",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1008/references"
              },
              {
                "name": "16640",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16640"
              },
              {
                "name": "SSRT080011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=120654385125315\u0026w=2"
              },
              {
                "name": "18843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18843"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1015619",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015619"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.wrq.com/techdocs/1882.html"
            },
            {
              "name": "24516",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24516"
            },
            {
              "name": "29552",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29552"
            },
            {
              "name": "sftp-logging-format-string(24651)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"
            },
            {
              "name": "VU#419241",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/419241"
            },
            {
              "name": "HPSBTU02322",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=120654385125315\u0026w=2"
            },
            {
              "name": "18828",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18828"
            },
            {
              "name": "GLSA-200703-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml"
            },
            {
              "name": "ADV-2006-0555",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0555"
            },
            {
              "name": "ADV-2006-0554",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0554"
            },
            {
              "name": "16625",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16625"
            },
            {
              "name": "ADV-2008-1008",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1008/references"
            },
            {
              "name": "16640",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16640"
            },
            {
              "name": "SSRT080011",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=120654385125315\u0026w=2"
            },
            {
              "name": "18843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18843"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0705",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1015619",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015619"
                },
                {
                  "name": "http://support.wrq.com/techdocs/1882.html",
                  "refsource": "CONFIRM",
                  "url": "http://support.wrq.com/techdocs/1882.html"
                },
                {
                  "name": "24516",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24516"
                },
                {
                  "name": "29552",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29552"
                },
                {
                  "name": "sftp-logging-format-string(24651)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"
                },
                {
                  "name": "VU#419241",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/419241"
                },
                {
                  "name": "HPSBTU02322",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=120654385125315\u0026w=2"
                },
                {
                  "name": "18828",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18828"
                },
                {
                  "name": "GLSA-200703-13",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml"
                },
                {
                  "name": "ADV-2006-0555",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0555"
                },
                {
                  "name": "ADV-2006-0554",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0554"
                },
                {
                  "name": "16625",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16625"
                },
                {
                  "name": "ADV-2008-1008",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1008/references"
                },
                {
                  "name": "16640",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16640"
                },
                {
                  "name": "SSRT080011",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=120654385125315\u0026w=2"
                },
                {
                  "name": "18843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18843"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0705",
        "datePublished": "2006-02-15T11:00:00.000Z",
        "dateReserved": "2006-02-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:41:29.194Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2771 (GCVE-0-2005-2771)

    Vulnerability from cvelistv5 – Published: 2005-09-02 04:00 – Updated: 2024-08-07 22:45
    VLAI
    Summary
    WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1014835 vdb-entryx_refsource_SECTRACK
    http://www.kb.cert.org/vuls/id/758054 third-party-advisoryx_refsource_CERT-VN
    http://support.wrq.com/techdocs/1910.html x_refsource_CONFIRM
    http://secunia.com/advisories/16649/ third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-08-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:45:02.209Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1014835",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014835"
              },
              {
                "name": "VU#758054",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/758054"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.wrq.com/techdocs/1910.html"
              },
              {
                "name": "16649",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16649/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-09-09T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1014835",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014835"
            },
            {
              "name": "VU#758054",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/758054"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.wrq.com/techdocs/1910.html"
            },
            {
              "name": "16649",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16649/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2771",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1014835",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014835"
                },
                {
                  "name": "VU#758054",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/758054"
                },
                {
                  "name": "http://support.wrq.com/techdocs/1910.html",
                  "refsource": "CONFIRM",
                  "url": "http://support.wrq.com/techdocs/1910.html"
                },
                {
                  "name": "16649",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16649/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2771",
        "datePublished": "2005-09-02T04:00:00.000Z",
        "dateReserved": "2005-09-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:45:02.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }