Multiple Vendor SSH2 Implementation Buffer Overflow Vulnerabilities

info
discussion
exploit
solution
references

Multiple Vendor SSH2 Implementation Buffer Overflow Vulnerabilities

The SSHredder test suite, provided by Rapid 7, is available from the following location:

http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666

Proof-of-concept code has been published. The following program will act as a malicious server to exploit vulnerable 'putty' clients.

/data/vulnerabilities/exploits/IP-putty.c
/data/vulnerabilities/exploits/IP-putty.c