Sysax Multi Server
cpe:2.3:a:sysax:multi_server:*:*:*:*:*:*:*
- <= 5.53
A stack-based buffer overflow vulnerability has been identified in the SSH service of Sysax Multi Server versions prior to 5.55. The issue arises when a remote attacker sends an excessively long username during the authentication process. The server does not properly validate this input, so the overflow can be exploited to execute arbitrary code with the privileges of the service.
Exploitation of this vulnerability allows for remote code execution on the affected system, under the context of the user running the Sysax Multi Server.
The vulnerability can be reproduced by sending a crafted SSH authentication request that includes a username longer than the buffer size. This can be done using a variety of tools or scripts, such as the one available on Exploit Database (EDB-ID: 18535).
Users are advised to update Sysax Multi Server to version 5.55 or later, where this vulnerability has been fixed.
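The class of check whose absence produces this kind of overflow, shown as an added example (not Sysax code and not from the original advisory): a bounds-checked parser that extracts the user name from a decrypted SSH_MSG_USERAUTH_REQUEST payload (RFC 4252) into a fixed-size buffer. The function names, the result codes and the 64-byte limit are assumptions chosen for illustration; the real buffer size is not stated on this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_USERAUTH_REQUEST 50  /* RFC 4252, section 6 */
#define MAX_USERNAME 64              /* assumed limit, not the vendor's value */

enum parse_result { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_TYPE = -2, PARSE_TOO_LONG = -3 };

/* Read the uint32 big-endian length prefix of an SSH "string" at *off.
 * Returns -1 if the prefix or the declared body would run past the packet. */
static int read_string_len(const uint8_t *pkt, size_t pkt_len, size_t *off, uint32_t *len)
{
    if (pkt_len - *off < 4) return -1;          /* caller keeps *off <= pkt_len */
    const uint8_t *p = pkt + *off;
    *len = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
    *off += 4;
    return (*len > pkt_len - *off) ? -1 : 0;
}

/* Copy the user name into a fixed-size buffer only after checking the
 * declared length against both the packet and the destination. */
int parse_userauth_username(const uint8_t *pkt, size_t pkt_len, char out[MAX_USERNAME + 1])
{
    size_t off = 1;
    uint32_t ulen;

    if (pkt_len < 1) return PARSE_TRUNCATED;
    if (pkt[0] != SSH_MSG_USERAUTH_REQUEST) return PARSE_BAD_TYPE;
    if (read_string_len(pkt, pkt_len, &off, &ulen) != 0) return PARSE_TRUNCATED;
    if (ulen > MAX_USERNAME) return PARSE_TOO_LONG;   /* reject before any copy */
    memcpy(out, pkt + off, ulen);
    out[ulen] = '\0';
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample payload: message type 50, then user name "alice". */
    const uint8_t pkt[] = {50, 0, 0, 0, 5, 'a', 'l', 'i', 'c', 'e'};
    char user[MAX_USERNAME + 1];
    int rc = parse_userauth_username(pkt, sizeof pkt, user);
    printf("rc=%d user=%s\n", rc, rc == PARSE_OK ? user : "(rejected)");
    return 0;
}
```

A server that returns PARSE_TOO_LONG should fail the authentication attempt and log the source address, which also gives responders a signal for attempts against unpatched hosts.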