freeFTPd / freeSSHd SFTP Authentication Bypass

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The SFTP server running on the remote host has an authentication bypass

Description :

The SFTP server included with freeFTPd or freeSSHd has an
authentication bypass vulnerability. Authentication can be bypassed by
opening an SSH channel before any credentials are provided. A remote,
unauthenticated attacker could exploit this to log in without providing

After logging in, uploading specially crafted files could result in
arbitrary code execution as SYSTEM. Refer to the researcher's advisory
for more information.
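
The server-side control that this bypass shows to be missing is a state check in the SSH message dispatcher: connection-layer messages such as a channel open are refused until the server itself has reported authentication success. The sketch below is an added example, not code from freeFTPd, freeSSHd or the Nessus plugin; the message numbers are those of RFC 4250, and Session, ProtocolViolation and the credential callback are hypothetical names.

```python
# Added example: pre-authentication gate for an SSH server's message dispatcher.
# Message numbers and ranges are from RFC 4250; Session, ProtocolViolation and
# the credential callback are hypothetical names, not freeFTPd/freeSSHd code.

SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91


class ProtocolViolation(Exception):
    """Raised when a message arrives in a state where it must not be served."""


def is_connection_layer(msg_type):
    # RFC 4250: 80-127 belong to the connection protocol (channels, requests).
    return 80 <= msg_type <= 127


class Session:
    def __init__(self, check_credentials):
        self.check_credentials = check_credentials  # callable(user, password) -> bool
        self.authenticated = False
        self.open_channels = 0

    def handle(self, msg_type, payload=None):
        """Process one decrypted client message; return the reply message number."""
        # The gate: nothing from the connection layer is served before the
        # server itself has sent SSH_MSG_USERAUTH_SUCCESS.
        if is_connection_layer(msg_type) and not self.authenticated:
            raise ProtocolViolation(f"message {msg_type} before authentication")
        if msg_type == SSH_MSG_USERAUTH_REQUEST:
            if self.authenticated:
                return None  # RFC 4252: ignore auth requests after success
            user, password = payload
            if self.check_credentials(user, password):
                self.authenticated = True
                return SSH_MSG_USERAUTH_SUCCESS
            return SSH_MSG_USERAUTH_FAILURE
        if msg_type == SSH_MSG_CHANNEL_OPEN:
            self.open_channels += 1
            return SSH_MSG_CHANNEL_OPEN_CONFIRMATION
        raise ProtocolViolation(f"unhandled message {msg_type}")
```

A caller should treat ProtocolViolation as grounds to disconnect the client and log the event, since a legitimate client never sends channel messages before authentication completes.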

See also :

Solution :

There is no known solution at this time.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 7.1
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 63223

Bugtraq ID: 56782

CVE ID: CVE-2012-6066
