FileZilla FTP Server < 0.9.6 Multiple DoS

medium Nessus Network Monitor Plugin ID 2738

Synopsis

The remote host is vulnerable to multiple attack vectors (remote and local).

Description

The remote host is running the FileZilla FTP server. A flaw in the remote version of this software may allow an authenticated attacker to crash the remote host by requesting DOS device names (CON, NUL, etc.) or by misusing the zlib compression mode. In addition, there is a local client flaw within the FileZilla server component: a local user on the FileZilla server who is enticed to initiate an FTP connection to a malicious server can be exploited.

Solution

Upgrade to version 0.9.6 or higher.

Plugin Details

Severity: Medium

ID: 2738

Family: FTP Servers

Published: 3/22/2005

Updated: 3/6/2019

Nessus ID: 17593

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.6

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:filezilla:filezilla_server

Reference Information

CVE: CVE-2005-0850, CVE-2005-0851, CVE-2005-3589

BID: 15346, 12865