[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique)
- To: noloader@xxxxxxxxx
- Subject: Re: [Full-disclosure] FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique)
- From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
- Date: Sun, 02 Dec 2012 11:27:30 +0100
Le 1/12/12 23:42, Jeffrey Walton a écrit :
> On Sat, Dec 1, 2012 at 5:07 PM, Aris Adamantiadis <aris@xxxxxxxxxxxx> wrote:
>> Hi Kcope
>>
>> You're late on this one:
>> http://seclists.org/fulldisclosure/2010/Aug/132
> It seems there is a disconnect or it appears they got the analysis wrong:
>
> "Your "request" was examined. This is nothing more than a
> null pointer deference, which cannot be easily exploited."
Please read the full email.
"However you should have a
look at the code below, it compiles with libssh 0.4.5. You need to
provide a valid login to the SSH server.
This vulnerability says long about the seriousness of this application.
I will probably find more in future if I find time to reverse it."
Please also read the attached .c code. It auths on the server with a buggous
password then tries to open a channel anyway. Note also that this exploit
does not work if FreeSSHD uses Windows authentication (with system users)
because it uses a different codepath. Neither does kcope's one.
I'm afraid I missed the similar vulnerability on Tectia's server :(
Aris
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/