FileZilla GnuTLS Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 22 May 2008 5386 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in FileZilla, which could be exploited by remote attackers to cause a denial of service or compromise an affected system.

1. Due to a NULL pointer dereference error when processing TLS packets containing multiple "Client Hello" messages, which could be exploited by unauthenticated attackers to crash a vulnerable application.

2. Due to a buffer overflow error when processing certain "Client Hello" messages containing a Server name extension, which could be exploited by unauthenticated attackers to crash an affected application or execute arbitrary code.

3. Due to an error in the "_gnutls_ciphertext2compressed()" [lib/gnutls_cipher.c] function when handling encrypted TLS data containig invalid Record lengths, which could be exploited by unauthenticated remote attackers to crash a vulnerable application.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • FileZilla versions prior to 3.0.10

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

CA Products Code Execution and File Manipulation Vulnerabilities

21 May 2008 5293 Views

Next

Adobe Flash Player Unspecified Remote Code Execution Vulnerability

28 May 2008 5266 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY