Description
Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · textdosmultiple
https://www.exploit-db.com/exploits/30989
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27141
Third Party Advisory x_refsource_misc
http://aluigi.org/poc/pragmassh.zip
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39354
Issue Tracking, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=119947184730448&w=2
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/pragmassh-adv.txt
Scores
EPSS
0.0454
EPSS Percentile
89.2%
Details
CWE
CWE-400
Status
published
Products (2)
pragmasys/fortress_ssh
5.0 build4_revision293
pragmasys/fortress_ssh
< 5.0
Published
Jan 08, 2008
Tracked Since
Feb 18, 2026