Full Disclosure mailing list archives
Re: FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique)
From: Aris Adamantiadis <aris () 0xbadc0de be>
Date: Sun, 02 Dec 2012 11:27:30 +0100
Le 1/12/12 23:42, Jeffrey Walton a écrit :
On Sat, Dec 1, 2012 at 5:07 PM, Aris Adamantiadis <aris () 0xbadc0de be> wrote:Hi Kcope You're late on this one: http://seclists.org/fulldisclosure/2010/Aug/132It seems there is a disconnect or it appears they got the analysis wrong: "Your "request" was examined. This is nothing more than a null pointer deference, which cannot be easily exploited."
Please read the full email. "However you should have a look at the code below, it compiles with libssh 0.4.5. You need to provide a valid login to the SSH server. This vulnerability says long about the seriousness of this application. I will probably find more in future if I find time to reverse it." Please also read the attached .c code. It auths on the server with a buggous password then tries to open a channel anyway. Note also that this exploit does not work if FreeSSHD uses Windows authentication (with system users) because it uses a different codepath. Neither does kcope's one. I'm afraid I missed the similar vulnerability on Tectia's server :( Aris _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique) king cope (Dec 01)
- Re: FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique) Aris Adamantiadis (Dec 01)
- Re: FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique) Jeffrey Walton (Dec 01)
- Re: FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique) Aris Adamantiadis (Dec 02)
- Re: FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique) Jeffrey Walton (Dec 01)
- Re: FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique) Aris Adamantiadis (Dec 01)