CVE-2012-6067

freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.

Published: Dec 5, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-6067
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
freeftpd / freeftpd	-	1.0.11.x
freeftpd / freeftpd	1.0.2	1.0.2.x
freeftpd / freeftpd	1.0.3	1.0.3.x
freeftpd / freeftpd	1.0	1.0.x
freeftpd / freeftpd	1.0.5	1.0.5.x
freeftpd / freeftpd	1.0.1	1.0.1.x
freeftpd / freeftpd	1.0.4	1.0.4.x
freeftpd / freeftpd	1.0.8	1.0.8.x
freeftpd / freeftpd	1.0.6	1.0.6.x
freeftpd / freeftpd	1.0.10	1.0.10.x
freeftpd / freeftpd	1.0.7	1.0.7.x

http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0011.html

Vulnerability Database

290,020

CVE-2012-6067