CVE-2008-2573

freeSSHd 1.2.1 - Authenticated Stack-Based Buffer Overflow via SSH_FXP_OPENDIR Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-2573. PoCs published by ryujin, securfrog.

AI-analyzed exploit summary This exploit targets a remote SEH overflow vulnerability in FreeSSHD 1.2.1, leveraging a post-authentication buffer overflow to execute arbitrary shellcode. It includes target-specific payloads for Windows XP SP2 and Vista, using a combination of NOPs, shellcode, and precise offsets to achieve reliable exploitation.

Description

Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.

Exploits (2)

exploitdb WORKING POC VERIFIED
by ryujin · perlremotewindows
https://www.exploit-db.com/exploits/5751

This exploit targets a remote SEH overflow vulnerability in FreeSSHD 1.2.1, leveraging a post-authentication buffer overflow to execute arbitrary shellcode. It includes target-specific payloads for Windows XP SP2 and Vista, using a combination of NOPs, shellcode, and precise offsets to achieve reliable exploitation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: FreeSSHD 1.2.1
Auth required
Prerequisites: Valid credentials for FreeSSHD service · Network access to the target service on port 22
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by securfrog · perldoswindows
https://www.exploit-db.com/exploits/5709

This exploit demonstrates a remote buffer overflow in FreeSSHD 1.2.1 by sending an overly long payload (4098 'A's) during an SFTP directory listing operation. The PoC uses Net::SSH2 to authenticate and trigger the vulnerability, causing a crash (EIP overwrite with 0x41414141).

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: FreeSSHD 1.2.1
Auth required
Prerequisites: Valid SSH credentials · Network access to the target · SFTP service enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29453
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/493180/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1711/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020212
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5751
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5709
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30498

Scores

EPSS 0.0561
EPSS Percentile 91.9%

Details

CWE
CWE-119
Status published
Products (1)
freesshd/freesshd 1.2.1
Published Jun 06, 2008
Tracked Since Feb 18, 2026