FileZilla FTP Server Multiple Remote Buffer Overflow Vulnerabilities
BID:17802
Info
| Bugtraq ID: | 17802 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2006 12:00AM |
| Updated: | May 08 2006 10:34PM |
| Credit: | Discovery is credited to Leon Juranic <[email protected]>. |
| Vulnerable: | FileZilla FileZilla 2.2.22 |
| Not Vulnerable: | |
Discussion
FileZilla FTP Server is prone to multiple buffer-overflow vulnerabilities.
Reportedly, passing excessive data may overflow finite-sized internal memory buffers. A successful attack may result in memory corruption as memory adjacent to the buffer is overwritten with user-supplied data.
These issues may lead to a denial-of-service condition or the execution of arbitrary code.
Version 2.2.22 of FileZilla is vulnerable to these issues; other versions may also be affected.
Exploit / POC
This issue can be triggered by using the Infigo FTPStress Fuzzer.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
References:
- Infigo FTPStress Fuzzer (Infigo)
- FileZilla Homepage (FileZilla)
- INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities ("infocus")