CVE-2012-10060 | THREATINT

Description

Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service.

PUBLISHED Reserved 2025-08-11 | Published 2025-08-13 | Updated 2025-08-14 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status

unknown

* before 5.55

affected

Credits

Craig Freyman finder

References

raw.githubusercontent.com/...ndows/ssh/sysax_ssh_username.rb exploit

www.exploit-db.com/exploits/18535 exploit

www.exploit-db.com/exploits/18557 exploit

web.archive.org/...ax-multi-server-ssh-username-exploit.html technical-description exploit

advisories.checkpoint.com/...s/public/2012/cpai-23-sepc.html third-party-advisory

www.sysax.com/ product

www.vulncheck.com/...lti-server-ssh-username-buffer-overflow third-party-advisory

cve.org (CVE-2012-10060)

nvd.nist.gov (CVE-2012-10060)

Download JSON

help @ threatint.eu