PT-2006-7166 · Filezilla · Filezilla Server

Published

2006-12-15

Updated

2017-07-29

CVE-2006-6564

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions FileZilla Server versions prior to 0.9.22

Description The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a malformed argument to the STOR command. This leads to a NULL pointer dereference. It is also suggested that the problem might be due to a malformed PORT command.

Recommendations For versions prior to 0.9.22, update to version 0.9.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the STOR command until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6564

Affected Products

Filezilla Server

PT-2006-7166 · Filezilla · Filezilla Server

CVE-2006-6564

Related Identifiers

Affected Products

References · 7