Ravens PHP Scripts

FileZilla Unspecified Buffer Overflow Vulnerability
Date: Monday, May 15, 2006 @ 10:08:39 CEST
Topic: Security


TITLE: FileZilla Unspecified Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA20086

VERIFY ADVISORY: http://secunia.com/advisories/20086/

CRITICAL: Moderately critical

IMPACT: System access

WHERE: >From remote

SOFTWARE: FileZilla 2.x
http://secunia.com/product/2925/

DESCRIPTION:
A vulnerability has been reported in FileZilla, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified boundary error within the handling of replies from an FTP server. This can be exploited to cause a buffer overflow and may allow arbitrary code execution.

Successful exploitation requires that the user is e.g. tricked into connecting to a malicious FTP server.

The vulnerability has been reported in versions prior to 2.2.23.

SOLUTION: Update to version 2.2.23.
http://sourceforge.net/project/showfiles.php?group_id=21558&package_id=15149

PROVIDED AND/OR DISCOVERED BY: Reported by vendor.

ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?release_id=416790








This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2163