This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Windows host has an application that is affected by
The version of FileZilla Client installed on the remote host is prior
to 3.7.3. As such, it is affected by multiple vulnerabilities:
- A buffer underrun vulnerability exists that occurs when
verifying a DSA signature when using SFTP.
- A remote buffer overflow vulnerability exists that is
triggered when processing a specially crafted DSA
signature when using SFTP. (CVE-2013-4207)
- Multiple information disclosure vulnerabilities exist
due to improper cleaning of private keys used in SFTP
sessions.

An attacker could exploit these issues by tricking a user into
connecting to a specially crafted SFTP server. This can lead to
code execution, denial of service, and access to sensitive
information like SFTP login passwords, obsolete session keys,
public-key pass phrases, and the private halves of public keys.
See also :
Upgrade to FileZilla Client 3.7.3 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false