Immunity, Inc.
Name goodtech_ssh
CVE CVE-2008-4726
Exploit Pack CANVAS
Description Goodtech SSH overflow
Notes CVE Name: CVE-2008-4726
VENDOR: Goodtech
Notes:
Buffer overflows exist in the following GoodTech SSH server commands:

['open','unlink','file','lstat','remove','get','put','listdir','listdir_attr']

At covertness 1 only 'open' is used; at any covertness above 1 a random choice among all vulnerable functions
is used (this may be good for testing badly written IPS signatures that tune themselves on Milw0rm code).

These overflows are post-authentication, so you need valid credentials to be able to exploit the system. By default,
all Windows user accounts are also valid SSH user accounts.

NOTE: As of 11/11/08, the currently available version of the GoodTech SSH server (6.40) was still vulnerable despite
this vulnerability and an exploit being public. The public exploit only exploited the vulnerable 'open' command
and only worked against XP, not 2K and 2K3 like this exploit does.

Repeatability: Infinite
References:
Commandline: Make sure you set up a Win32 mosdef listener
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-4726
CVSS: 9.0