FileZilla Server versions prior to 0.9.6 are vulnerable to denial of service when processing filenames containing MS-DOS device names such as CON, NUL, COM1, LPT1, and others. Remote attackers can cause the server to crash or become unresponsive by requesting files with these reserved device names.
PoC代码[已公开]
id: CVE-2005-0850
info:
name: FileZilla Server < 0.9.6 - DoS via MS-DOS Device Names
author: pussycat0x
severity: medium
description: |
FileZilla Server versions prior to 0.9.6 are vulnerable to denial of service when processing filenames containing MS-DOS device names such as CON, NUL, COM1, LPT1, and others. Remote attackers can cause the server to crash or become unresponsive by requesting files with these reserved device names.
reference:
- http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss-score: 5
cve-id: CVE-2005-0850
cwe-id: CWE-20
epss-score: 0.00109
epss-percentile: 0.29966
cpe: cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: filezilla-project
product: filezilla_server
shodan-query: product:"FileZilla"
tags: cve,cve2005,network,ftp,filezilla,tcp,passive,vuln
tcp:
- inputs:
- data: 00000000
type: hex
host:
- "{{Hostname}}"
port: 21
read-size: 1024
matchers:
- type: dsl
dsl:
- "contains(raw, 'FileZilla')"
- "compare_versions(version, '< 0.9.6')"
condition: and
extractors:
- type: regex
group: 1
name: version
regex:
- "FileZilla Server version ([0-9.]+)"
# digest: 4a0a00473045022100aa3a6256e6984a26fe45d268f27d206cfedf547108f3501dfe80e793c13f81440220084e4138e234a6231961e476305dae2651b9f655d0501354013974f2b22e20c3:922c64590222798bb761d5b6d8e72950