FileZilla Client < 3.7.3 Multiple Vulnerabilities

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has an application that is affected by
multiple vulnerabilities.

Description :

The version of FileZilla Client on the remote host is a version prior
to 3.7.3. As such, it is affected by multiple vulnerabilities :

- A buffer underrun vulnerability exists that occurs when
verifying a DSA signature when using SFTP.

- A remote buffer overflow vulnerability exists that is
triggered when processing a specially crafted DSA
signature when using SFTP. (CVE-2013-4207)

- Multiple information disclosure vulnerabilities exist
due to improper cleaning of private keys used in SFTP
sessions. An attacker could exploit these issues by
tricking a user into connecting to a specially crafted
SFTP server. This can lead to code execution, denial of
service, and access to sensitive information like SFTP
login passwords, obsolete session keys, public-key pass
phrases, and the private halves of public keys.

See also :

Solution :

Upgrade to FileZilla Client 3.7.3 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 69494

Bugtraq ID: 61644

CVE ID: CVE-2013-4206
