lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 02 Dec 2012 11:27:30 +0100
From: Aris Adamantiadis <>
Subject: Re: FreeFTPD Remote Authentication Bypass Zeroday
 Exploit (Stuxnet technique)

Le 1/12/12 23:42, Jeffrey Walton a écrit :
> On Sat, Dec 1, 2012 at 5:07 PM, Aris Adamantiadis <> wrote:
>> Hi Kcope
>> You're late on this one:
> It seems there is a disconnect or it appears they got the analysis wrong:
>     "Your "request" was examined. This is nothing more than a
>     null pointer deference, which cannot be easily exploited."

Please read the full email.
"However you should have a
look at the code below, it compiles with libssh 0.4.5. You need to
provide a valid login to the SSH server.

This vulnerability says long about the seriousness of this application.
I will probably find more in future if I find time to reverse it."

Please also read the attached .c code. It auths on the server with a buggous
password then tries to open a channel anyway. Note also that this exploit 
does not work if FreeSSHD uses Windows authentication (with system users) 
because it uses a different codepath. Neither does kcope's one.

I'm afraid I missed the similar vulnerability on Tectia's server :(


Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists