Unrated severityNVD Advisory· Published Feb 15, 2006· Updated Apr 16, 2026

CVE-2006-0705

Description

Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.

Affected products

Attachmatewrq/Reflection For Secure It Server2 versions
cpe:2.3:a:attachmatewrq:reflection_for_secure_it_server:6.0:*:unix:*:*:*:*:*+ 1 more
- cpe:2.3:a:attachmatewrq:reflection_for_secure_it_server:6.0:*:unix:*:*:*:*:*
- cpe:2.3:a:attachmatewrq:reflection_for_secure_it_server:6.0:*:win:*:*:*:*:*
F-Secure/F Secure SSH Server20 versions
cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.0:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.1:*:unix:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.1.0:*:unix:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.1.0_build9:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.2.0:*:unix:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:3.2.3:*:unix:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:5.1:*:win:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:5.2:*:win:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_ssh_server:5.3:*:win:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18828nvdPatchVendor Advisory
secunia.com/advisories/18843nvdPatchVendor Advisory
securitytracker.com/idnvdPatch
support.wrq.com/techdocs/1882.htmlnvdPatch
www.kb.cert.org/vuls/id/419241nvdPatchUS Government Resource
www.securityfocus.com/bid/16625nvdPatch
secunia.com/advisories/24516nvdVendor Advisory
secunia.com/advisories/29552nvdVendor Advisory
www.vupen.com/english/advisories/2006/0554nvdVendor Advisory
www.vupen.com/english/advisories/2006/0555nvdVendor Advisory
www.vupen.com/english/advisories/2008/1008/referencesnvdVendor Advisory
marc.infonvd
security.gentoo.org/glsa/glsa-200703-13.xmlnvd
www.securityfocus.com/bid/16640nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24651nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000