freeFTPd / freeSSHd SFTP Authentication Bypass
High Nessus Plugin ID 63223
Synopsis: The SFTP server running on the remote host has an authentication bypass vulnerability.
Description: The SFTP server included with freeFTPd or freeSSHd has an authentication bypass vulnerability. Authentication can be bypassed by opening an SSH channel before any credentials are provided. A remote, unauthenticated attacker could exploit this to log in without providing credentials.
After logging in, uploading specially crafted files could result in arbitrary code execution as SYSTEM. Refer to the researcher's advisory for more information.
Solution: There is no known solution at this time.
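
The bypass in the description amounts to a missing state check: RFC 4252 requires a server to disconnect when it receives a connection-protocol message (number 80 or higher, which includes channel open) before authentication has completed. The following is an added toy model of that gate, not freeFTPd/freeSSHd code and not a fix for the product; the `Session` class, its parameters and the sample credentials are constructed for illustration.

```python
# Toy model of an SSH server's inbound message gate (illustrative, not freeSSHd code).
# Message numbers come from RFC 4250; class and parameter names are hypothetical.
SSH_MSG_DISCONNECT = 1
SSH_MSG_UNIMPLEMENTED = 3
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91
CONNECTION_PROTOCOL_MIN = 80  # RFC 4252 section 6: 80+ is only valid after auth


class Session:
    def __init__(self, enforce_auth_gate, check_password):
        self.enforce_auth_gate = enforce_auth_gate  # False models the missing check
        self.check_password = check_password
        self.authenticated = False
        self.closed = False
        self.channels = 0

    def handle(self, msg_type, payload=None):
        """Process one inbound message and return the reply message number."""
        if self.closed:
            raise ConnectionError("session already disconnected")
        if msg_type == SSH_MSG_USERAUTH_REQUEST:
            user, password = payload
            self.authenticated = self.check_password(user, password)
            return (SSH_MSG_USERAUTH_SUCCESS if self.authenticated
                    else SSH_MSG_USERAUTH_FAILURE)
        if msg_type >= CONNECTION_PROTOCOL_MIN:
            # The gate: connection-protocol traffic before auth ends the session.
            if self.enforce_auth_gate and not self.authenticated:
                self.closed = True
                return SSH_MSG_DISCONNECT
            if msg_type == SSH_MSG_CHANNEL_OPEN:
                self.channels += 1
                return SSH_MSG_CHANNEL_OPEN_CONFIRMATION
        return SSH_MSG_UNIMPLEMENTED


def constructed_check(user, password):
    # Constructed sample credentials, for the demonstration only.
    return (user, password) == ("alice", "constructed-password")


if __name__ == "__main__":
    for gate in (False, True):
        s = Session(gate, constructed_check)
        reply = s.handle(SSH_MSG_CHANNEL_OPEN)
        print(f"gate={gate} reply={reply} channels={s.channels} closed={s.closed}")
```

With the gate disabled the model confirms a channel for a session that never authenticated; with it enabled the same message ends the session.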