From Secunia:
Description:
Luigi Auriemma has reported some vulnerabilities in Georgia SoftWorks SSH2 Server, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
1) A format string error in the log function when handling usernames can be exploited by sending a username containing format string specifiers.
2) A boundary error in the log function when handling usernames can be exploited to cause a buffer overflow by sending an overly-long username.
3) A boundary error within the handling of passwords can be exploited to cause a buffer overflow by sending an overly-long password.
Successful exploitation may allow execution of arbitrary code.
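
The three bug classes listed above share one fix: treat the username and password as bounded data. The following is an added example, not code from Georgia SoftWorks or the Secunia advisory; the function names, buffer sizes and log format are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 128 /* assumed size of the log line buffer */
#define USER_LOG_MAX 32  /* assumed cap on username bytes written to the log */

/* Unsafe pattern behind items 1 and 2 (shown as a comment, not compiled):
 *     char line[LOG_LINE_MAX];
 *     sprintf(line, username);   // username is the format string, no bound
 */

/* Hardened logging (hypothetical helper): the username is only ever an
 * argument to a constant format string, is length-capped, and has
 * non-printable bytes replaced. Returns 1 if it was truncated or altered. */
int log_login_attempt(char *line, size_t line_sz, const char *username)
{
    char clean[USER_LOG_MAX + 1];
    size_t i;
    int altered = 0;
    for (i = 0; i < USER_LOG_MAX && username[i] != '\0'; i++) {
        unsigned char c = (unsigned char)username[i];
        if (isprint(c)) { clean[i] = (char)c; }
        else { clean[i] = '?'; altered = 1; }
    }
    if (username[i] != '\0') altered = 1; /* input was longer than the cap */
    clean[i] = '\0';
    snprintf(line, line_sz, "login attempt user=\"%s\"%s",
             clean, altered ? " [sanitized]" : "");
    return altered;
}

/* Item 3 (hypothetical helper): reject an over-long password instead of
 * copying it. len is the length taken from the request. Returns 0 on success. */
int store_password(char *dst, size_t dst_sz, const char *src, size_t len)
{
    if (dst_sz == 0 || len >= dst_sz) return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char line[LOG_LINE_MAX];
    log_login_attempt(line, sizeof line, "%x%x%n"); /* constructed input */
    puts(line); /* specifiers are logged literally, never interpreted */
    return 0;
}
```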