Release date:
Updated on: 2013-04-10
Affected Systems:
Sysax Sysax Multi Server 6.x
Description:
--------------------------------------------------------------------------------
Sysax Multi Server is an SSH2 and FTP Server on windows.
The SSH component of Sysax Multi Server 6.10 has a null pointer to release the reference error during key negotiation. Malicious users can crash the service by using a specially crafted key. To successfully exploit this vulnerability, you must enable the SSH component.
<* Source: Matt Andreko.
Link: http://secunia.com/advisories/52934/
Http://www.mattandreko.com/2013/04/sysax-multi-server-610-ssh-dos.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Sysax
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.sysax.com/