CVE-2012-6066

Published: 04/12/2012 Updated: 05/12/2012
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 945
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

freeSSHd.exe in freeSSHd up to and including 1.2.6 allows remote malicious users to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.

Vulnerable Product

freesshd freesshd

freesshd freesshd 1.2.1

freesshd freesshd 1.2.2

Exploits

require 'msf/core'
require 'tempfile'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::EXE

  def initialize(info={})
    super(update_info(info,
      'Name' => "Freesshd Authentication Bypass",
      'Description' => %q{ This module exploits a vulnerabil ...

FreeFTPD all versions Remote System Level Exploit Zero-Day -- No username needed, straightforward rooting! Discovered & Exploited By Kingcope Year 2011 -- github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/23079.zip Example banner: WeOnlyDo-wodFTPD 236165 This package includes all you need to successfully r ...

FreeSSHD all version Remote Authentication Bypass ZERODAY Discovered & Exploited by Kingcope Year 2011 # Exploit-DB Mirror: github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/23080.zip Run like: ssh.exe -l<valid username> <host> valid username might be: root admin administrator webadmin sysadmin ...

Github Repositories

FreeSSHD Remote Authentication Bypass Vulnerability (freeSSHd 2.1.3)

CVE-2012-6066
FreeSSHD Remote Authentication Bypass Vulnerability (freeSSHd 2.1.3)
Version check : nmap -A