NASLDB: FileZilla FTP Server MLSD Command Overflow
General
ID: 21567
Name: FileZilla FTP Server MLSD Command Overflow
Summary: Checks version of FileZilla Server Interface
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS Temporal Vector: CVSS2#E:POC/RL:U/RC:ND
Port: 139
Family: Windows
Type: Local
Description
According to its version, the FileZilla Server Interface installed on
the remote host is affected by an unspecified buffer overflow
vulnerability, which could be leveraged by an attacker to execute
arbitrary code subject to the privileges of the user running the
affected application.
Note that to successfully exploit this remotely, the application would
need to be configured to accept remote connections, which it does not by
default.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2006-2173
OSVDB: 25221
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2006/05/02
Patch Release: –
Plugin Release: 2006/05/16
Plugin
Version: 1.13
Filename: filezilla_server_interface_buffer_overflow.nasl
Filesize: 4191 bytes
MD5 Hash: 4f81eaeb55fbec48f837685fdaddfa72
Identification: SMB/Registry/Enumerated
Require Keys: SMB/Registry/Enumerated
Dependencies: "smb_hotfixes.nasl"
Copyright: This script is Copyright © 2006-2011 Tenable Network Security, Inc.