VID | 28178
Severity | 40
Port | 139,445
Protocol | TCP
Class | SMB

Detailed Description |
The FileZilla FTP Server has multiple buffer overflow vulnerabilities that exist in versions prior to 0.9.17. FileZilla is a free Windows-based application for transferring files between a PC and an FTP site. By sending an overly long PORT or PASS command followed by an MLSD command, or by using the FileZilla Server interface, a remote attacker could exploit these vulnerabilities to execute arbitrary code on the affected system or crash the server.

* Note: This check requires an account with administrative privileges that can log into the host being scanned. If these conditions are not met, the check is not performed, which results in a false negative for every vulnerable host.

* References:
  http://filezilla.sourceforge.net/forum/viewtopic.php?t=2255
  http://sourceforge.net/forum/forum.php?forum_id=569148
  http://www.infigo.hr/en/in_focus/tools
  http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html
  http://www.securityfocus.com/archive/1/433251/30/0/threaded
  http://marc.theaimsgroup.com/?l=bugtraq&m=114658586018818&w=2

* Platforms Affected: FileZilla SourceForge Project, FileZilla Client versions prior to 0.9.17; Microsoft Windows, any version

Recommendation |
Upgrade to the latest version of FileZilla (0.9.17 or later), available from the SourceForge.net FileZilla Project download site at http://sourceforge.net/project/showfiles.php?group_id=21558&package_id=21737

Related URL | CVE-2006-2173 (CVE)
Related URL | 17802 (SecurityFocus)
Related URL | 26303 (ISS)