FileZilla FTP Server Multiple DoS

High Nessus Plugin ID 17593

Synopsis

The remote FTP server has multiple denial of service vulnerabilities.

Description

The remote host is running a version of FileZilla Server with the following denial of service vulnerabilities:

- Requesting a file containing the reserved name of a DOS device (e.g. CON, NUL, COM1, etc.) can cause the server to freeze.

- Downloading a file or directory listing with MODE Z enabled (zlib compression) can cause an infinite loop.

Solution

Upgrade to FileZilla Server 0.9.6 or later.

See Also

http://sourceforge.net/project/shownotes.php?release_id=314473

Plugin Details

Severity: High

ID: 17593

File Name: filezilla_denial.nasl

Version: 1.15

Type: remote

Family: FTP

Published: 2005/03/22

Modified: 2018/07/11

Dependencies: 10079

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:filezilla:filezilla_server

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2005/03/22

Reference Information

CVE: CVE-2005-0850, CVE-2005-0851

BID: 12865

Secunia: 14664