Opened 12 years ago

Closed 9 years ago

#7379 closed Bug report (fixed)

LoadLibrary Vulnerability in FileZilla

Reported by: Brian Wilkins Owned by:
Priority: normal Component: FileZilla Server
Keywords: LoadLibrary Cc:
Component version: Operating system type: Windows
Operating system version: Windows XP SP3


I ran rats 2.3 on the FileZilla source code and RATS detected several LoadLibrary vulernabilities in FileZilla. RATS states: "LoadLibrary will search several places for a library if
no path is specified, allowing trojan DLL's to be inserted elsewhere even if the intended DLL is correctly protected from overwriting. Make sure to specify the full path."

Looking at the below code snippets, you can see that the full path is not specified. Recommend the full path be specified in order to prevent this vulnerability from occurring.


Line 670: m_hGSS_API = LoadLibrary(GFTPDLL);


Line 1122: m_hDll = LoadLibrary(_T("WS2_32.dll"));


Line 312: m_hSslDll2 = LoadLibrary(_T("libeay32.dll"));


Line 389: m_hSslDll1 = LoadLibrary(_T("ssleay32.dll"));

Change History (2)

comment:1 by Brian Wilkins, 12 years ago

Component: FileZilla ClientFileZilla Server

comment:2 by Tim Kosse, 9 years ago

Resolution: fixed
Status: newclosed

This will be fixed in the next version of FileZilla Server. Now that XP support is gone, we can use LoadLibraryEx with the LOAD_LIBRARY_SEARCH_APPLICATION_DIR flag.

Note: See TracTickets for help on using tickets.