FileZilla Client < 3.7.3 Multiple Vulnerabilities
Severity: Medium
Nessus Plugin ID 69494

Synopsis
The remote Windows host has an application that is affected by multiple vulnerabilities.
Description
The version of FileZilla Client installed on the remote host is prior to 3.7.3. FileZilla's SFTP support is built on code derived from PuTTY, and versions before 3.7.3 ship a PuTTY-derived component that is affected by the following vulnerabilities:
- A heap-corrupting buffer underrun exists in the bignum modular multiplication routine used when verifying a DSA signature over SFTP. A malicious server can trigger it with a specially crafted signature. (CVE-2013-4206)
- A buffer overflow exists when parsing a specially crafted DSA signature received over SFTP, because the length of the signature blob is not validated before it is used. (CVE-2013-4207)
- Sensitive key material is not wiped from memory after use. Private halves of user keys, obsolete session keys, public-key passphrases and SFTP login passwords can remain in process memory (and therefore in swap, crash dumps or a core file) long after the session that used them has ended. (CVE-2013-4208)
An unauthenticated, remote attacker who controls or impersonates the SFTP server a user connects to can exploit the first two issues to crash the client or execute arbitrary code in its context. The third issue allows an attacker with local access to the host's memory or disk to recover the listed secrets.
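The plugin's own check is a version comparison of the installed client against 3.7.3. The snippet below is an added example, not code from the plugin or from the FileZilla project, showing how such a check should be written: versions are compared numerically component by component, so that 3.7.10 correctly ranks above 3.7.3 (a plain string comparison would get this wrong), and a pre-release build such as 3.7.3-rc1 is conservatively treated as older than the fixed release. The version strings in the sample inventory are constructed for the example; in practice they would come from the installed client's reported version.

```python
import re
from typing import Dict, Optional, Tuple

# First fixed version named in the advisory.
FIXED_VERSION = "3.7.3"

# Accepts "3.7.2", "3.7.4.1", "3.7.3-rc1" or "3.6.0-beta2". Anything else is
# reported as unparseable rather than guessed at.
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:-(beta|rc)(\d+))?$", re.IGNORECASE)

# (numeric components padded to four, release flag, pre-release stage, pre-release number)
VersionKey = Tuple[Tuple[int, int, int, int], int, int, int]


def parse_version(text: str) -> Optional[VersionKey]:
    """Turn a FileZilla-style version string into a tuple that sorts correctly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    if len(parts) > 4:
        return None
    parts += [0] * (4 - len(parts))
    numeric = (parts[0], parts[1], parts[2], parts[3])
    if m.group(2):
        # A beta or rc of X.Y.Z sorts below the final X.Y.Z: release flag 0.
        stage = 0 if m.group(2).lower() == "beta" else 1
        return (numeric, 0, stage, int(m.group(3)))
    return (numeric, 1, 0, 0)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if installed < fixed, False if patched, None if the string is unparseable.

    Returning None instead of False for garbage input keeps an unreadable
    version from silently being reported as 'not affected'.
    """
    v = parse_version(installed)
    f = parse_version(fixed)
    if v is None or f is None:
        return None
    return v < f


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_HOSTS: Dict[str, str] = {
    "ws-01": "3.7.2",
    "ws-02": "3.7.3",
    "ws-03": "3.7.10",
    "ws-04": "3.7.3-rc1",
    "ws-05": "3.6.0.2",
    "ws-06": "unknown",
}


def scan(hosts: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Apply the check to every host in an inventory."""
    return {host: is_vulnerable(version) for host, version in hosts.items()}


if __name__ == "__main__":
    labels = {True: "VULNERABLE", False: "patched", None: "unknown version"}
    for host, result in scan(SAMPLE_HOSTS).items():
        print(f"{host}: FileZilla {SAMPLE_HOSTS[host]} -> {labels[result]}")
```

The same comparison logic applies to any advisory of the form "version prior to X.Y.Z": the only input that changes is FIXED_VERSION.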
Solution
Upgrade to FileZilla Client 3.7.3 or later.