SB2014011201 - Remote buffer overflow in Mikrotik RouterOS sshd daemon



Published: January 12, 2014 Updated: August 19, 2016

Security Bulletin ID SB2014011201
Severity High
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Heap corruption (CVE-ID: N/A)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling user-supplied input in the sshd service. A remote unauthenticated attacker can send specially crafted packets to the vulnerable sshd service, trigger heap corruption, and cause denial of service or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable device.


Remediation

Install the update from the vendor's website.