Opened 12 years ago
Closed 9 years ago
#7379 closed Bug report (fixed)
LoadLibrary Vulnerability in FileZilla
|Reported by:||Brian Wilkins||Owned by:|
|Component version:||Operating system type:||Windows|
|Operating system version:||Windows XP SP3|
I ran rats 2.3 on the FileZilla source code and RATS detected several LoadLibrary vulernabilities in FileZilla. RATS states: "LoadLibrary will search several places for a library if
no path is specified, allowing trojan DLL's to be inserted elsewhere even if the intended DLL is correctly protected from overwriting. Make sure to specify the full path."
Looking at the below code snippets, you can see that the full path is not specified. Recommend the full path be specified in order to prevent this vulnerability from occurring.
Line 670: m_hGSS_API = LoadLibrary(GFTPDLL);
Line 1122: m_hDll = LoadLibrary(_T("WS2_32.dll"));
Line 312: m_hSslDll2 = LoadLibrary(_T("libeay32.dll"));
Line 389: m_hSslDll1 = LoadLibrary(_T("ssleay32.dll"));
Change History (2)
comment:1 by , 12 years ago
|Component:||FileZilla Client → FileZilla Server|
comment:2 by , 9 years ago
|Status:||new → closed|
This will be fixed in the next version of FileZilla Server. Now that XP support is gone, we can use LoadLibraryEx with the LOAD_LIBRARY_SEARCH_APPLICATION_DIR flag.