ID CVE-2006-6565
Summary FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
References
Vulnerable Configurations
  • cpe:2.3:a:filezilla:filezilla_server:0.7
  • cpe:2.3:a:filezilla:filezilla_server:0.7.1
  • cpe:2.3:a:filezilla:filezilla_server:0.8.1
  • cpe:2.3:a:filezilla:filezilla_server:0.8.2
  • cpe:2.3:a:filezilla:filezilla_server:0.8.3
  • cpe:2.3:a:filezilla:filezilla_server:0.8.4
  • cpe:2.3:a:filezilla:filezilla_server:0.8.5
  • cpe:2.3:a:filezilla:filezilla_server:0.8.6a
  • cpe:2.3:a:filezilla:filezilla_server:0.8.7
  • cpe:2.3:a:filezilla:filezilla_server:0.8.8
  • cpe:2.3:a:filezilla:filezilla_server:0.8.9
  • cpe:2.3:a:filezilla:filezilla_server:0.9.0
  • cpe:2.3:a:filezilla:filezilla_server:0.9.1b
  • cpe:2.3:a:filezilla:filezilla_server:0.9.2
  • cpe:2.3:a:filezilla:filezilla_server:0.9.3
  • cpe:2.3:a:filezilla:filezilla_server:0.9.4d
  • cpe:2.3:a:filezilla:filezilla_server:0.9.4e
  • cpe:2.3:a:filezilla:filezilla_server:0.9.5
  • cpe:2.3:a:filezilla:filezilla_server:0.9.6
  • cpe:2.3:a:filezilla:filezilla_server:0.9.6a
  • cpe:2.3:a:filezilla:filezilla_server:0.9.7
  • cpe:2.3:a:filezilla:filezilla_server:0.9.8
  • cpe:2.3:a:filezilla:filezilla_server:0.9.8a
  • cpe:2.3:a:filezilla:filezilla_server:0.9.8b
  • cpe:2.3:a:filezilla:filezilla_server:0.9.8c
  • cpe:2.3:a:filezilla:filezilla_server:0.9.9
  • cpe:2.3:a:filezilla:filezilla_server:0.9.10
  • cpe:2.3:a:filezilla:filezilla_server:0.9.10a
  • cpe:2.3:a:filezilla:filezilla_server:0.9.11
  • cpe:2.3:a:filezilla:filezilla_server:0.9.12c
  • cpe:2.3:a:filezilla:filezilla_server:0.9.13b
  • cpe:2.3:a:filezilla:filezilla_server:0.9.14a
  • cpe:2.3:a:filezilla:filezilla_server:0.9.15
  • cpe:2.3:a:filezilla:filezilla_server:0.9.16c
  • cpe:2.3:a:filezilla:filezilla_server:0.9.17
  • cpe:2.3:a:filezilla:filezilla_server:0.9.18
  • cpe:2.3:a:filezilla:filezilla_server:0.9.19
  • cpe:2.3:a:filezilla:filezilla_server:0.9.20
  • cpe:2.3:a:filezilla:filezilla_server:0.9.21
CVSS
Base: 4.0 (as of 15-12-2006 - 11:56)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
exploit-db via4
description Filezilla FTP Server. CVE-2006-6564,CVE-2006-6565. Dos exploit for windows platform
file exploits/windows/dos/2914.php
id EDB-ID:2914
last seen 2016-01-31
modified 2006-12-11
platform windows
port
published 2006-12-11
reporter shinnai
source https://www.exploit-db.com/download/2914/
title Filezilla FTP Server <= 0.9.21 - LIST/NLST Denial of Service Exploit
type dos
metasploit via4
description This module triggers a Denial of Service condition in the FileZilla FTP Server versions 0.9.21 and earlier. By sending a malformed PORT command then LIST command, the server attempts to write to a NULL pointer.
id MSF:AUXILIARY/DOS/WINDOWS/FTP/FILEZILLA_SERVER_PORT
last seen 2019-03-19
modified 2017-11-08
published 2009-01-09
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb
title FileZilla FTP Server Malformed PORT Denial of Service
nessus via4
NASL family Windows
NASL id FILEZILLA_SERVER_0922.NASL
description According to its version, the FileZilla Server Interface installed on the remote host is affected by several denial of service flaws, which could be leveraged by an authenticated attacker to crash the server and deny service to legitimate users.
last seen 2019-02-21
modified 2018-07-11
plugin id 23831
published 2006-12-12
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=23831
title FileZilla FTP Server < 0.9.22 Wildcard Handling Remote DoS
refmap via4
confirm http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558
exploit-db 2914
vupen ADV-2006-4937
xf filezilla-commands-dos(30853)
Last major update 07-03-2011 - 21:46
Published 15-12-2006 - 06:28
Last modified 18-10-2017 - 21:29