Vulnerability description
FileZilla Server versions prior to 0.9.6 are vulnerable to denial of service when using MODE Z (zlib compression). Remote attackers can cause an infinite loop via certain file uploads or directory listings, leading to server unresponsiveness.
id: CVE-2005-0851

info:
  name: FileZilla Server < 0.9.6 - DoS via MODE Z Infinite Loop
  author: pussycat0x
  severity: medium
  description: |
    FileZilla Server versions prior to 0.9.6 are vulnerable to denial of service when using MODE Z (zlib compression). Remote attackers can cause an infinite loop via certain file uploads or directory listings, leading to server unresponsiveness.
  reference:
    - http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
    cvss-score: 5
    cve-id: CVE-2005-0851
    cwe-id: CWE-835
    epss-score: 0.0008
    epss-percentile: 0.2455
    cpe: cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: filezilla-project
    product: filezilla_server
    shodan-query: product:"FileZilla"
  tags: cve,cve2005,network,ftp,filezilla,tcp,passive,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex
    host:
      - "{{Hostname}}"
    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'FileZilla')"
          - "compare_versions(version, '< 0.9.6')"
        condition: and

    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "FileZilla Server version ([0-9.]+)"
# digest: 4a0a00473045022100f22d8225492745a0c9a5a02ac340f4fff3b39ddc41c68912a5f1d8201e67818402207a743e2ef8b719f825d8a183365951f050e261fbb7d8f0badee0495cbbe9f1ac:922c64590222798bb761d5b6d8e72950
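The template above only looks at the FTP greeting banner: it extracts the version with the regex `FileZilla Server version ([0-9.]+)` and then asks `compare_versions` whether it is below 0.9.6. The following Python is an added example, not part of the nuclei template or the FileZilla project, that reproduces that matcher logic offline so the comparison rule can be checked against banners of your own. The banners in `SAMPLE_BANNERS` are constructed for this example; the version threshold is the one stated in the template.

```python
import re
from typing import Optional, Tuple

# Same extractor pattern as the template: the numeric part only, so a
# trailing " beta" or other suffix is ignored, exactly as nuclei would.
VERSION_RE = re.compile(r"FileZilla Server version ([0-9.]+)")
FIXED_VERSION = "0.9.6"  # first release not affected, per the template

# Constructed sample greetings (not captured from real hosts).
SAMPLE_BANNERS = {
    "old":      "220-FileZilla Server version 0.9.5 beta\r\n220 Welcome\r\n",
    "fixed":    "220-FileZilla Server version 0.9.6 beta\r\n",
    "newer":    "220-FileZilla Server version 0.9.60 beta\r\n",
    "other":    "220 ProFTPD Server ready.\r\n",
    "no_ver":   "220 FileZilla Server ready\r\n",
}


def extract_version(banner: str) -> Optional[str]:
    """Return the version string captured by the template regex, or None.

    The character class [0-9.]+ can swallow a sentence-ending dot
    ("version 0.9.6."), so stray dots at the edges are trimmed.
    """
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return m.group(1).strip(".")


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into an integer tuple: "0.9.60" -> (0, 9, 60)."""
    return tuple(int(part) for part in version.split(".") if part != "")


def compare_versions(a: str, b: str) -> int:
    """Numeric component-wise comparison: -1 if a < b, 0 if equal, 1 if a > b.

    Plain string comparison would wrongly rank "0.9.60" below "0.9.6";
    comparing integer tuples avoids that. Shorter tuples are zero-padded so
    "0.9" compares equal to "0.9.0".
    """
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def is_vulnerable(banner: str) -> bool:
    """Mirror the template's DSL matcher with condition: and.

    Both conditions must hold: the raw banner contains 'FileZilla' and the
    extracted version is below FIXED_VERSION. A banner with no parsable
    version yields False rather than a guess.
    """
    if "FileZilla" not in banner:
        return False
    version = extract_version(banner)
    if version is None:
        return False
    return compare_versions(version, FIXED_VERSION) < 0


if __name__ == "__main__":
    for label, banner in SAMPLE_BANNERS.items():
        print(f"{label:8s} version={extract_version(banner)!s:8s} "
              f"vulnerable={is_vulnerable(banner)}")
```

Running the block prints one line per sample banner; only the `old` banner (0.9.5) is flagged. Two points worth keeping in mind when relying on this template: the check is banner-based version inference, so a host whose greeting has been customised or whose build string has been removed is reported as not vulnerable rather than unknown, and the `and` condition means a FileZilla banner without a parsable version never matches.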