Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2012-6067
Last Modified: 05 Dec 2012 12:00:00
Published: 04 Dec 2012 06:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-6067

Summary

freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.

Vulnerable Systems

Application

  • freeFTPd 1.0
  • freeFTPd 1.0.1
  • freeFTPd 1.0.2
  • freeFTPd 1.0.3
  • freeFTPd 1.0.4
  • freeFTPd 1.0.5
  • freeFTPd 1.0.6
  • freeFTPd 1.0.7
  • freeFTPd 1.0.8
  • freeFTPd 1.0.10
  • freeFTPd 1.0.11

References

FULLDISC - 20121201 FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique)


Last Updated: 27 May 2016 11:01:26