VID |
16126 |
Severity |
30 |
Port |
21 |
Protocol |
TCP |
Class |
FTP |
Detailed Description |
According to its banner, the remote FileZilla Server is a version prior to 0.9.22, which has multiple denial of service vulnerabilities. FileZilla Server is a freely available FTP server for Microsoft Windows platforms. Versions prior to 0.9.22 are affected by two vulnerabilities that remote attackers can exploit to cause a denial of service:
1) Denial of service vulnerability due to a NULL pointer dereference
2) Denial of service vulnerability via a CWD command without arguments
* Note: This check relied solely on the banner of the remote FTP server to assess this vulnerability, so this might be a false positive.
* References:
  http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558
  http://retrogod.altervista.org/filezilla_0921_dos.html
  http://milw0rm.com/exploits/2914
* Platforms Affected:
  FileZilla Project, FileZilla Server versions prior to 0.9.22
  Microsoft Windows Any version |
Recommendation |
Upgrade to the latest version of FileZilla Server (0.9.22 or later), available from the SourceForge.net website at http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558 |
Related URL |
CVE-2006-6564,CVE-2006-6565 (CVE) |
Related URL |
21542,21549 (SecurityFocus) |
Related URL |
(ISS) |
|