FileZilla FTP Server Multiple DoS

High Nessus Plugin ID 17593


The remote FTP server has multiple denial of service vulnerabilities.


The remote host is running a version of FileZilla Server with the following denial of service vulnerabilities:

- Requesting a file whose name contains a reserved DOS device name (e.g. CON, NUL, COM1) can cause the server to freeze.

- Downloading a file or directory listing with MODE Z enabled (zlib compression) can cause an infinite loop.


Upgrade to FileZilla Server 0.9.6 or later.

Plugin Details

Severity: High

ID: 17593

File Name: filezilla_denial.nasl

Version: $Revision: 1.14 $

Type: remote

Family: FTP

Published: 2005/03/22

Modified: 2014/07/11

Dependencies: 10079

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:filezilla:filezilla_server

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2005/03/22

Reference Information

CVE: CVE-2005-0850, CVE-2005-0851

BID: 12865

OSVDB: 14928, 14929

Secunia: 14664