FileZilla Server Port Command Denial Of Service Network Vulnerability

Summary

FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.

Solution

Upgrade vulnerable FTP server to latest version.

References

http://osvdb.org/34435

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-6565
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

TurboFTP 'DELE' FTP Command Remote Buffer Overflow Vulnerability
RaidenFTPD Directory Traversal flaw
SurgeFTP 'surgeftpmgr.cgi' Multiple Cross Site Scripting Vulnerabilities
pyftpdlib FTP Server Information Disclosure Vulnerability
Home FTP Server 'MKD' Command Directory Traversal Vulnerability

FileZilla Server Port Command Denial of Service

Take action and discover your vulnerabilities