FileZilla FTP Client Unspecified Overflow

High Nessus Plugin ID 21565

Synopsis

The remote Windows host has an application that is affected by a remote buffer overflow vulnerability.

Description

According to its version, the FileZilla FTP client installed on the remote host is affected by an unspecified buffer overflow vulnerability. It may be possible to exploit this issue remotely by tricking a user into connecting to a malicious FTP site using the affected client. Remote code execution would then be possible subject to the user's privileges.

Solution

Upgrade to FileZilla client version 2.2.23 or later.

See Also

http://sourceforge.net/projects/filezilla/

Plugin Details

Severity: High

ID: 21565

File Name: filezilla_client_buffer_overflow.nasl

Version: $Revision: 1.16 $

Type: local

Agent: windows

Family: Windows

Published: 2006/05/15

Modified: 2013/08/27

Dependencies: 69475

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:filezilla:filezilla

Required KB Items: SMB/Registry/Enumerated, SMB/filezilla/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2006/05/16

Reference Information

CVE: CVE-2006-2403

BID: 17972

OSVDB: 29970