Open-FTPD Authentication Bypass Vulnerability Network Vulnerability

Summary

This host is running Open&Compact FTP Server (Open-FTPD) and is prone to authentication bypass vulnerability.

Impact

Successful exploitation will allow attackers to bypass certain security restrictions and execute FTP commands without any authentication. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to access not being restricted to various FTP commands before a user is properly authenticated. This can be exploited to execute FTP commands without any authentication.

Affected

Open&Compact FTP Server (Open-FTPD) Version 1.2 and prior.

References

http://secunia.com/advisories/40284
http://www.exploit-db.com/exploits/13932

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2620
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

GNU Bash Environment Variable Handling Shell Remote Command Execution Vulnerability (FTP Check)
Multiple WarFTPd DoS
SolarFTP PASV Command Remote Denial of Service Vulnerability
WS FTP server FTP bounce attack and PASV connection hijacking flaw
Flash FTP Server Directory Traversal Vulnerability

Take action and discover your vulnerabilities