Gentoo FoundationGLSA-201706-09FileZilla: Buffer overflow
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.409 Medium
EPSS
Percentile
97.3%
Background
FileZilla is an open source FTP client.
Description
FileZilla is affected by the same vulnerability as reported in “GLSA 201703-03” because the package included a vulnerable copy of PuTTY. Please read the GLSA for PuTTY referenced below for details.
Impact
A remote attacker, utilizing the SSH agent forwarding of an SSH server, could execute arbitrary code with the privileges of the user running FileZilla or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All FileZilla users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/filezilla-3.25.2"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-ftp/filezilla | < 3.25.2 | UNKNOWN |
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.409 Medium
EPSS
Percentile
97.3%