Opened 6 years ago
Last modified 6 years ago
#11773 moreinfo Bug report
FileZilla 3.33
| Reported by: | Kağan Çapar | Owned by: | |
|---|---|---|---|
| Priority: | low | Component: | FileZilla Client |
| Keywords: | Cc: | ||
| Component version: | 3.33 | Operating system type: | Linux |
| Operating system version: | Kali Linux 2018.3_x64 |
Description
Hello, I'm Kağan, Vulnerability Reasearcher. I found vulnerability Filezilla 3.33 on Kali Linux 2018.3 x64 and I just published proof-of-concept type exploit-db but I managed to write shell code. If this version works with root authority, the authority can be priv-esc. You should know that I did not public. Also, vulnerability is not working Windows OS.
Good luck, I love filezilla!
Attachments (1)
Change History (3)
by , 6 years ago
| Attachment: | Screenshot from 2018-10-10 05-28-09.png added |
|---|
comment:1 by , 6 years ago
| Status: | new → moreinfo |
|---|
This doesn't appear to be a bug in FileZilla itself but rather one of the libraries it depends on.
Which version of wxWidgets is FileZilla linked against? Which version of GTK+ is wxWidgets in turn linked against?
comment:2 by , 6 years ago
| Priority: | critical → low |
|---|---|
| Summary: | FileZilla 3.33 Buffer-Overflow (PoC) → FileZilla 3.33 |
Thanks.
Note:
See TracTickets
for help on using tickets.
screenshot