Intrusion Prevention

MS.Windows.Rshd.Server.Remote.Stack.Overflow

Description

This indicates an attempt to exploit a Stack Based Buffer Overflow in Mike Dubman's Windows RSH daemon.
The vulnerability is in the RSHD daemon (rshd.exe). It is caused by a boundary check error and can be exploited via an overly long, specially crafted packet sent to the default port 514/TCP.

Affected Products

Mike Dubman Windows RSH daemon (rshd) 1.7 and 1.8

Impact

System Compromise: Remote code execution.
Denial of service.

Recommended Actions

Workaround: Use Secure Shell (sshd) as a replacement for rshd.

CVE References

CVE-2007-4006 CVE-2007-4005