{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1015619", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015619"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.wrq.com/techdocs/1882.html"}, {"name": "24516", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24516"}, {"name": "29552", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29552"}, {"name": "sftp-logging-format-string(24651)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"}, {"name": "VU#419241", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/419241"}, {"name": "HPSBTU02322", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2"}, {"name": "18828", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18828"}, {"name": "GLSA-200703-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml"}, {"name": "ADV-2006-0555", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0555"}, {"name": "ADV-2006-0554", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0554"}, {"name": "16625", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16625"}, {"name": "ADV-2008-1008", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1008/references"}, {"name": "16640", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16640"}, {"name": "SSRT080011", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2"}, {"name": "18843", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18843"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0705", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1015619", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015619"}, {"name": "http://support.wrq.com/techdocs/1882.html", "refsource": "CONFIRM", "url": "http://support.wrq.com/techdocs/1882.html"}, {"name": "24516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24516"}, {"name": "29552", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29552"}, {"name": "sftp-logging-format-string(24651)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"}, {"name": "VU#419241", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/419241"}, {"name": "HPSBTU02322", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2"}, {"name": "18828", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18828"}, {"name": "GLSA-200703-13", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml"}, {"name": "ADV-2006-0555", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0555"}, {"name": "ADV-2006-0554", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0554"}, {"name": "16625", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16625"}, {"name": "ADV-2008-1008", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1008/references"}, {"name": "16640", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16640"}, {"name": "SSRT080011", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2"}, {"name": "18843", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18843"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:41:29.194Z"}, "title": "CVE Program Container", "references": [{"name": "1015619", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015619"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.wrq.com/techdocs/1882.html"}, {"name": "24516", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24516"}, {"name": "29552", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29552"}, {"name": "sftp-logging-format-string(24651)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"}, {"name": "VU#419241", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/419241"}, {"name": "HPSBTU02322", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2"}, {"name": "18828", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18828"}, {"name": "GLSA-200703-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml"}, {"name": "ADV-2006-0555", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0555"}, {"name": "ADV-2006-0554", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0554"}, {"name": "16625", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16625"}, {"name": "ADV-2008-1008", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1008/references"}, {"name": "16640", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16640"}, {"name": "SSRT080011", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2"}, {"name": "18843", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18843"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0705", "datePublished": "2006-02-15T11:00:00", "dateReserved": "2006-02-15T00:00:00", "dateUpdated": "2024-08-07T16:41:29.194Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:attachmatewrq:reflection_for_secure_it_server:6.0:*:unix:*:*:*:*:*", "matchCriteriaId": "9D773D86-26DA-4483-A16E-005232B9DF18", "vulnerable": true}, {"criteria": "cpe:2.3:a:attachmatewrq:reflection_for_secure_it_server:6.0:*:win:*:*:*:*:*", "matchCriteriaId": "007F8B68-5E11-4FC8-9D18-719DF0A1F904", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "828E1D3E-C888-4E28-8676-E1D6298BD339", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D379AB4-74F4-4E03-967B-57F34697941F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.1:*:unix:*:*:*:*:*", "matchCriteriaId": "37D85A8A-3A63-45D2-A8FF-8C7E418232FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E965836B-EA89-4BA9-8D4A-562F8C6C3632", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0FE6E187-92F4-4940-BCB2-D5666D8776D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC639035-D459-4964-AE75-478BC6CD0AFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7CB5E609-2C26-4A02-A7C9-2C4648595321", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "72EB2B8C-9A8E-4132-B063-C68F85C337FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "99906561-4B53-4761-BE99-9A061E088EAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "37F8096D-CAAA-4C97-A6D7-4417E687536C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8F92DCFF-1403-44D5-9ED3-EA6EB3B4E9E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "808266FA-E939-4975-A0A3-280E7244C528", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.1.0:*:unix:*:*:*:*:*", "matchCriteriaId": "609AAA1C-8C26-4337-B34F-0DB51450FEC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.1.0_build9:*:*:*:*:*:*:*", "matchCriteriaId": "671E1719-E51E-442A-ADCA-2FB1998D1D94", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.2.0:*:unix:*:*:*:*:*", "matchCriteriaId": "ECCBEC85-7431-413A-9CCE-0209E255847D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:3.2.3:*:unix:*:*:*:*:*", "matchCriteriaId": "A554C5FE-DBB1-40FD-BF11-9857B48CF409", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9396490-9409-461D-8102-3243EDB80434", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:5.1:*:win:*:*:*:*:*", "matchCriteriaId": "96F807C2-CF24-4686-BC45-C43A767A180D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:5.2:*:win:*:*:*:*:*", "matchCriteriaId": "39842C81-82F2-40A4-9271-5CFC75F6F51E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_ssh_server:5.3:*:win:*:*:*:*:*", "matchCriteriaId": "CF12909D-0AFA-40B5-A38C-CC9A1DC1F20C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command."}], "id": "CVE-2006-0705", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-02-15T11:06:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18828"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18843"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24516"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29552"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015619"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.wrq.com/techdocs/1882.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/419241"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16625"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16640"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0554"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0555"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1008/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18828"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18843"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24516"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29552"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015619"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://support.wrq.com/techdocs/1882.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/419241"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16625"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0554"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0555"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1008/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}