Intrusion Prevention

MS.Windows.Rshd.Server.Stack.Overflow

Description

This indicates an attempt to exploit a stack based buffer overflow in Mike Dubman's Windows RSH daemon.
A stack based buffer overflow vulnerability has been identified in RSHD daemon (rshd.exe). It is caused by a boundary check error and can be exploited via an overly long, specially crafted packet sent to the default port 514/TCP.

Affected Products

Mike Dubman Windows RSH daemon (rshd) 1.7 and 1.8

Impact

Denial of service.
System comprpomise: remote code execution.

Recommended Actions

Workaround: use secure shell(sshd) as a replacement for rshd.

CVE References

CVE-2007-4006 CVE-2007-4005