Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XSysax Multi Server
APPSysax< 5.55
Related vulnerabilities
A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially cr...
Sysax Multi Server 6.99 is vulnerable to a denial of service (DoS) condition when processing specially crafted...
An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in...
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticat...
Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to rea...