{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87416?format=json","vulnerability_id":"VCID-fntw-3vn2-jbe8","summary":"Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service.","aliases":[{"alias":"CVE-2012-10060"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://www.exploit-db.com/exploits/18535","reference_id":"18535","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-14T13:45:09Z/"}],"url":"https://www.exploit-db.com/exploits/18535"},{"reference_url":"https://www.exploit-db.com/exploits/18557","reference_id":"18557","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-14T13:45:09Z/"}],"url":"https://www.exploit-db.com/exploits/18557"},{"reference_url":"https://advisories.checkpoint.com/defense/advisories/public/2012/cpai-23-sepc.html","reference_id":"cpai-23-sepc.html","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-14T13:45:09Z/"}],"url":"https://advisories.checkpoint.com/defense/advisories/public/2012/cpai-23-sepc.html"},{"reference_url":"https://www.vulncheck.com/advisories/sysax-multi-server-ssh-username-buffer-overflow","reference_id":"sysax-multi-server-ssh-username-buffer-overflow","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-14T13:45:09Z/"}],"url":"https://www.vulncheck.com/advisories/sysax-multi-server-ssh-username-buffer-overflow"},{"reference_url":"https://web.archive.org/web/20120302203344/http://www.pwnag3.com/2012/02/sysax-multi-server-ssh-username-exploit.html","reference_id":"sysax-multi-server-ssh-username-exploit.html","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-14T13:45:09Z/"}],"url":"https://web.archive.org/web/20120302203344/http://www.pwnag3.com/2012/02/sysax-multi-server-ssh-username-exploit.html"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ssh/sysax_ssh_username.rb","reference_id":"sysax_ssh_username.rb","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-14T13:45:09Z/"}],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ssh/sysax_ssh_username.rb"},{"reference_url":"https://www.sysax.com/","reference_id":"www.sysax.com","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-14T13:45:09Z/"}],"url":"https://www.sysax.com/"}],"weaknesses":[{"cwe_id":121,"name":"Stack-based Buffer Overflow","description":"A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function)."}],"exploits":[{"date_added":null,"description":"This module exploits a vulnerability found in Sysax's SSH service.  By\n          supplying a long username, the SSH server will copy that data on the stack\n          without proper bounds checking, therefore allowing remote code execution\n          under the context of the user.  Please note that previous versions\n          (before 5.53) are also affected by this bug.","required_action":null,"due_date":null,"notes":"Reliability:\n  - unknown-reliability\nStability:\n  - unknown-stability\nSideEffects:\n  - unknown-side-effects\n","known_ransomware_campaign_use":false,"source_date_published":"2012-02-27","exploit_type":null,"platform":"Windows","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/ssh/sysax_ssh_username.rb"}],"severity_range_score":"9.3 - 9.3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fntw-3vn2-jbe8"}