| VID |
16103 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The FileZilla Server, according to its banner, has multiple denial of service vulnerabilities.
FileZilla Server is a freely available FTP server for Microsoft Windows platforms. FileZilla Server versions prior to 0.9.6 are vulnerable to two vulnerabilities, which can be exploited by remote attackers to cause a denial of service attack.
1) An error can be exploited to cause the application to become unresponsive by attempting to access a file containing reserved MSDOS device names, such as CON, NUL, COM1, and LPT1.
2) An error in the transfer logic can be exploited to cause the application to enter an infinite loop via a file upload or directory listing when using zlib compression.
* Note: This check solely relied on the banner of the remote FTP server to assess this vulnerability, so this might be a false positive.
* References:
http://secunia.com/advisories/14664/
http://sourceforge.net/forum/forum.php?forum_id=454972
* Platforms Affected:
FileZilla Project, FileZilla Server versions prior to 0.9.6
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of FileZilla Server (0.9.6 or later), available from the Sourceforge.net Web site at http://sourceforge.net/project/showfiles.php?group_id=21558 |
| Related URL |
CVE-2005-0850,CVE-2005-0851 (CVE) |
| Related URL |
12865 (SecurityFocus) |
| Related URL |
19763 (ISS) |
|
