FileZilla FTP Server Multiple DoS

high Nessus Plugin ID 17593

Synopsis

The remote FTP server has multiple denial of service vulnerabilities.

Description

The remote host is running a version of FileZilla Server with the following denial of service vulnerabilities:

- Requesting a file whose name is a reserved DOS device name (for example CON, NUL or COM1) can cause the server to freeze.

- Downloading a file or a directory listing with MODE Z (zlib compression) enabled can cause the server to enter an infinite loop.

Solution

Upgrade to FileZilla Server 0.9.6 or later.
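The check that decides whether this solution applies is a version comparison against the server's FTP greeting. The following is an added example written for this page; it is not the plugin's own code and not code from the FileZilla project. It assumes that affected releases greet with a line of the form "220-FileZilla Server version X.Y.Z beta" (the sample banner below is constructed for offline use, not captured from a real host), and the hostname passed to check_host is a placeholder.

```python
import re
from ftplib import FTP

# First release that fixes both DoS conditions, per the advisory's Solution.
FIXED_VERSION = (0, 9, 6)

# Constructed sample greeting (not captured from a live server). The line
# layout assumes the "220-FileZilla Server version X.Y.Z beta" format that
# older FileZilla Server builds send as their welcome message.
SAMPLE_BANNER = (
    "220-FileZilla Server version 0.9.5 beta\r\n"
    "220-written by Tim Kosse (Tim.Kosse@gmx.de)\r\n"
    "220 Please visit http://sourceforge.net/projects/filezilla/\r\n"
)

_VERSION_RE = re.compile(
    r"FileZilla Server version (\d+)\.(\d+)\.(\d+)", re.IGNORECASE
)


def parse_filezilla_version(banner):
    """Return (major, minor, patch) from a FileZilla Server greeting, or None
    when the greeting does not identify FileZilla Server at all."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True when a parsed version predates the fixed release 0.9.6.

    Tuples are compared numerically, so 0.9.10 correctly sorts after 0.9.6
    (a plain string comparison would get this wrong)."""
    return version is not None and version < FIXED_VERSION


def assess_banner(banner):
    """Parse and compare in one step; returns (version_or_None, vulnerable)."""
    version = parse_filezilla_version(banner)
    return version, is_vulnerable(version)


def check_host(host, port=21, timeout=10):
    """Fetch the live greeting and assess it. This talks to the network and is
    only called explicitly; ftplib's connect() returns the full multi-line
    220 welcome, which is all we need (no login, no transfer)."""
    ftp = FTP()
    try:
        banner = ftp.connect(host, port, timeout)
    finally:
        ftp.close()
    return assess_banner(banner)


if __name__ == "__main__":
    version, vulnerable = assess_banner(SAMPLE_BANNER)
    print("parsed version:", version, "vulnerable:", vulnerable)
    # Against a real target: check_host("ftp.example.invalid")  # placeholder host
```

This is a banner check, so it inherits the usual caveats: an administrator who has edited the welcome message will produce a miss, and a backported fix behind an old version string will produce a false positive. Confirming the finding means sending a request for a reserved device name or a MODE Z transfer, which is exactly the traffic that freezes an unpatched server, so do that only against a host you are allowed to take down.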

See Also

http://sourceforge.net/project/shownotes.php?release_id=314473

Plugin Details

Severity: High

ID: 17593

File Name: filezilla_denial.nasl

Version: 1.15

Type: remote

Family: FTP

Published: 3/22/2005

Updated: 7/11/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/a:filezilla:filezilla_server

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/22/2005

Reference Information

CVE: CVE-2005-0850, CVE-2005-0851

BID: 12865

Secunia: 14664