Opened 14 years ago
Closed 10 years ago
#7379 closed Bug report (fixed)
LoadLibrary Vulnerability in FileZilla
Reported by: | Brian Wilkins | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | FileZilla Server |
Keywords: | LoadLibrary | Cc: | |
Component version: | | Operating system type: | Windows |
Operating system version: | Windows XP SP3 | | |
Description
I ran rats 2.3 on the FileZilla source code and RATS detected several LoadLibrary vulnerabilities in FileZilla. RATS states: "LoadLibrary will search several places for a library if no path is specified, allowing trojan DLL's to be inserted elsewhere even if the intended DLL is correctly protected from overwriting. Make sure to specify the full path."
Looking at the below code snippets, you can see that the full path is not specified. Recommend the full path be specified in order to prevent this vulnerability from occurring.
AsyncGssSocketLayer.cpp
Line 670: m_hGSS_API = LoadLibrary(GFTPDLL);
AsyncSocketEx.cpp
Line 1122: m_hDll = LoadLibrary(_T("WS2_32.dll"));
AsyncSslSocketLayer.cpp
Line 312: m_hSslDll2 = LoadLibrary(_T("libeay32.dll"));
AsyncSslSocketLayer.cpp
Line 389: m_hSslDll1 = LoadLibrary(_T("ssleay32.dll"));
Change History (2)
comment:1 by , 14 years ago
Component: | FileZilla Client → FileZilla Server |
---|
comment:2 by , 10 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
This will be fixed in the next version of FileZilla Server. Now that XP support is gone, we can use LoadLibraryEx with the LOAD_LIBRARY_SEARCH_APPLICATION_DIR flag.
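An added example, not part of the ticket or of FileZilla's code: a small Python audit check in the spirit of the RATS finding. It flags `LoadLibrary` calls that pass a bare file name and accepts calls that either give a full path or use `LoadLibraryEx` with a `LOAD_LIBRARY_SEARCH_*` flag, as in the fix described in comment 2. The verdict names, the helper functions and the last two sample lines are constructed for this example.

```python
import re

# Matches LoadLibrary, LoadLibraryA/W and LoadLibraryEx, LoadLibraryExA/W.
CALL = re.compile(r'\bLoadLibrary(Ex)?[AW]?\s*\(')
# First argument as a string literal, optionally wrapped in _T()/TEXT() or L"".
LITERAL = re.compile(r'^(?:(?:_T|TEXT)\s*\(\s*)?L?"((?:[^"\\]|\\.)*)"')
# Drive-letter or UNC path as it appears in C source (backslashes escaped).
FULL_PATH = re.compile(r'^(?:[A-Za-z]:(?:\\\\|/)|\\\\\\\\)')

def call_args(src, pos):
    """Return the argument text of the call whose '(' ends just before pos."""
    depth, in_str, i = 1, False, pos
    while i < len(src) and depth:
        c = src[i]
        if in_str:
            if c == "\\":
                i += 1              # skip the escaped character
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
        i += 1
    return src[pos:i - 1]

def classify(is_ex, args):
    if is_ex and "LOAD_LIBRARY_SEARCH_" in args:
        return "restricted-search"   # search order limited by a flag
    m = LITERAL.match(args.strip())
    if not m:
        return "review-name"         # macro or variable, resolve by hand
    return "full-path" if FULL_PATH.match(m.group(1)) else "bare-name"

def scan(src):
    """Return (line number, verdict) for every LoadLibrary* call in src."""
    return [(src.count("\n", 0, m.start()) + 1,
             classify(bool(m.group(1)), call_args(src, m.end())))
            for m in CALL.finditer(src)]

# Lines 1-3 are quoted in the ticket; lines 4-5 are constructed for this example.
SAMPLE = r'''m_hGSS_API = LoadLibrary(GFTPDLL);
m_hDll = LoadLibrary(_T("WS2_32.dll"));
m_hSslDll2 = LoadLibrary(_T("libeay32.dll"));
m_hSslDll1 = LoadLibraryEx(_T("ssleay32.dll"), NULL, LOAD_LIBRARY_SEARCH_APPLICATION_DIR);
h = LoadLibrary(_T("C:\\Program Files\\Example\\example.dll"));
'''

if __name__ == "__main__":
    for line, verdict in scan(SAMPLE):
        print(line, verdict)
```

A `review-name` verdict, as for the `GFTPDLL` macro, means the check cannot see the string and the definition has to be inspected by hand.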