CVEs-PoC/2008/CVE-2008-0132.md

### [CVE-2008-0132](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0132)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.

### POC

#### Reference
- http://aluigi.altervista.org/adv/pragmassh-adv.txt
- http://aluigi.org/poc/pragmassh.zip

#### Github
- https://github.com/Live-Hack-CVE/CVE-2008-0132