CVE Catalog

CVE-2012-10060

Critical
Published: Translated: NVD NIST

Summary

Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. A remote attacker can supply an overly long username during authentication, leading to remote code execution.

Risk Assessment

An attacker can remotely execute code under the context of the service, posing a significant security risk to the system.

Recommendation

It is recommended to upgrade to version 5.55 or later to mitigate this vulnerability.

Original NVD description (English source)

Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS