Opened 13 years ago

Closed 10 years ago

#7379 closed Bug report (fixed)

LoadLibrary Vulnerability in FileZilla

Reported by: Brian Wilkins
Owned by:
Priority: normal
Component: FileZilla Server
Keywords: LoadLibrary
Cc:
Component version:
Operating system type: Windows
Operating system version: Windows XP SP3

Description

I ran rats 2.3 on the FileZilla source code and RATS detected several LoadLibrary vulnerabilities in FileZilla. RATS states: "LoadLibrary will search several places for a library if no path is specified, allowing trojan DLL's to be inserted elsewhere even if the intended DLL is correctly protected from overwriting. Make sure to specify the full path."

Looking at the below code snippets, you can see that the full path is not specified. Recommend the full path be specified in order to prevent this vulnerability from occurring.

AsyncGssSocketLayer.cpp

Line 670: m_hGSS_API = LoadLibrary(GFTPDLL);

AsyncSocketEx.cpp

Line 1122: m_hDll = LoadLibrary(_T("WS2_32.dll"));

AsyncSslSocketLayer.cpp

Line 312: m_hSslDll2 = LoadLibrary(_T("libeay32.dll"));

AsyncSslSocketLayer.cpp

Line 389: m_hSslDll1 = LoadLibrary(_T("ssleay32.dll"));

Change History (2)

comment:1 by Brian Wilkins, 13 years ago

Component: FileZilla Client → FileZilla Server

comment:2 by Tim Kosse, 10 years ago

Resolution: fixed
Status: new → closed

This will be fixed in the next version of FileZilla Server. Now that XP support is gone, we can use LoadLibraryEx with the LOAD_LIBRARY_SEARCH_APPLICATION_DIR flag.
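
An added example, not part of the ticket or of FileZilla's code: a small Python heuristic in the spirit of the RATS check that classifies the four call sites quoted in the description and accepts the `LoadLibraryEx` form named in comment:2. The regexes, the status names and the `FIXED` line are constructed for illustration; RATS's own matching logic is not shown on this page.

```python
import re

# Flags that make LoadLibraryEx ignore the legacy search order (current
# directory, PATH) and look only in the named locations.
SAFE_FLAGS = {
    "LOAD_LIBRARY_SEARCH_APPLICATION_DIR",
    "LOAD_LIBRARY_SEARCH_SYSTEM32",
    "LOAD_LIBRARY_SEARCH_DEFAULT_DIRS",
}
CALL = re.compile(r"\b(LoadLibrary(?:Ex)?[AW]?)\s*\((.*)\)\s*;")
LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')
# Drive-letter or UNC path as spelled in C source (backslashes doubled).
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:(?:\\\\|/)|\\\\\\\\)")


def audit_call(code):
    """Classify one source line: None, 'ok', 'bare-name' or 'unresolved'."""
    call = CALL.search(code)
    if call is None:
        return None
    func, args = call.groups()
    if func.startswith("LoadLibraryEx") and SAFE_FLAGS & set(re.findall(r"\w+", args)):
        return "ok"            # search restricted by an explicit flag
    literal = LITERAL.search(args)
    if literal is None:
        return "unresolved"    # macro or variable: check its definition by hand
    return "ok" if ABSOLUTE.match(literal.group(1)) else "bare-name"


# The four call sites quoted in the ticket (file, line, code).
TICKET_CALLS = [
    ("AsyncGssSocketLayer.cpp", 670, 'm_hGSS_API = LoadLibrary(GFTPDLL);'),
    ("AsyncSocketEx.cpp", 1122, 'm_hDll = LoadLibrary(_T("WS2_32.dll"));'),
    ("AsyncSslSocketLayer.cpp", 312, 'm_hSslDll2 = LoadLibrary(_T("libeay32.dll"));'),
    ("AsyncSslSocketLayer.cpp", 389, 'm_hSslDll1 = LoadLibrary(_T("ssleay32.dll"));'),
]
# Constructed line showing the form of the fix named in comment:2.
FIXED = ('m_hSslDll2 = LoadLibraryEx(_T("libeay32.dll"), NULL, '
         'LOAD_LIBRARY_SEARCH_APPLICATION_DIR);')


def audit(calls):
    """Return (file, line, status) for every call that is not 'ok'."""
    results = [(f, n, audit_call(code)) for f, n, code in calls]
    return [r for r in results if r[2] not in (None, "ok")]


if __name__ == "__main__":
    for finding in audit(TICKET_CALLS):
        print("%s:%d: %s" % finding)
    print("fixed form:", audit_call(FIXED))
```

The `unresolved` status covers calls such as `LoadLibrary(GFTPDLL)`, where the argument is a macro whose value has to be checked at its definition.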
