CVE-2006-2407
Freeftpd - Memory Corruption
Title source: ruleDescription
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.
Exploits (5)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16461
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16462
exploitdb
WORKING POC
VERIFIED
by Tauqeer Ahmad · pythonremotewindows
https://www.exploit-db.com/exploits/1787
metasploit
WORKING POC
NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ssh/freesshd_key_exchange.rb
metasploit
WORKING POC
NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ssh/freeftpd_key_exchange.rb
References (18)
Scores
EPSS
0.7989
EPSS Percentile
99.1%
Details
CWE
CWE-119
Status
published
Products (4)
freeftpd/freeftpd
1.0.10
freesshd/freesshd
1.0.9
weonlydo/wodsshserver
1.2.7
weonlydo/wodsshserver
1.3.3_demo
Published
May 16, 2006
Tracked Since
Feb 18, 2026