CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
91.4%
According to its version, the FileZilla FTP client installed on the remote host is affected by multiple format string vulnerabilities. Details on the issues are not currently available, but it is expected that exploitation would require a user to visit a malicious FTP site using the affected software.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Metadata registration pass: when the scanner loads the plugin with
# 'description' set, only the attributes below are recorded and the script
# exits before any host data is read.
if (description)
{
  # --- Identification -------------------------------------------------------
  script_id(25039);
  script_version("1.17");

  script_cve_id("CVE-2007-2318");
  script_bugtraq_id(23506);

  script_name(english:"FileZilla FTP Client < 2.2.32 Multiple Format Strings");
  script_summary(english:"Checks version of FileZilla client");

  # --- Finding text ---------------------------------------------------------
  # The multi-line string values are kept at column 0 so that the emitted
  # text is unchanged.
  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application that is affected by
multiple format string vulnerabilities." );

  # The description itself says the result is derived from the installed
  # version ("According to its version"), i.e. the flaw is not exercised.
  script_set_attribute(attribute:"description", value:
"According to its version, the FileZilla FTP client installed on the
remote host is affected by multiple format string vulnerabilities.
Details on the issues are not currently available, but it is expected
that exploitation would require a user visit a malicious FTP site
using the affected software." );

  script_set_attribute(attribute:"solution", value:
"Upgrade to FileZilla client version 2.2.32 or later." );
  script_set_attribute(attribute:"see_also", value:"https://sourceforge.net/projects/filezilla/" );

  # --- Classification -------------------------------------------------------
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:filezilla:filezilla");

  # --- Risk scoring ---------------------------------------------------------
  # CVSS v2 base: network vector, medium access complexity, no
  # authentication, complete confidentiality/integrity/availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  # CVSS v2 temporal: exploitability unproven (E:U), official fix available
  # (RL:OF), report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # --- Dates ----------------------------------------------------------------
  script_set_attribute(attribute:"vuln_publication_date", value: "2007/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value: "2007/04/18");
  script_cvs_date("Date: 2018/11/15 20:50:26");

  script_end_attributes();

  # --- Scheduling -----------------------------------------------------------
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");

  # The check consumes knowledge-base entries under SMB/filezilla/, so it is
  # ordered after the install-detection plugin and requires both keys below.
  script_dependencies("filezilla_client_installed.nasl");
  script_require_keys("SMB/Registry/Enumerated", "SMB/filezilla/Installed");

  exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("misc_func.inc");
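# Version check for FileZilla Client installs recorded in the knowledge base.
#
# Every install listed under SMB/filezilla/ is compared against the fixed
# release; anything older is reported. The decision rests on the recorded
# version number alone.
appname = "FileZilla Client";
kb_base = "SMB/filezilla/";

port = kb_smb_transport();

fix = "2.2.32";
fixnum = fix;

# 'vuln' counts affected installs independently of the report text. The
# report text is only built when report_verbosity > 0, so using
# report != "" as the "is vulnerable" signal would send a quiet scan
# (report_verbosity == 0) down the not-vulnerable audit path even when an
# outdated install had been found, and would leave the security_hole()
# call without extra text unreachable.
vuln = 0;
report = "";

installs = get_kb_item_or_exit(kb_base + "installs");
for (i = 0; i < installs; i++)
{
  # NOTE(review): a missing per-install key ends the script here, before any
  # earlier affected install is reported - confirm that is intended.
  path   = get_kb_item_or_exit(kb_base + "install/" + i + "/Path");
  ver    = get_kb_item_or_exit(kb_base + "install/" + i + "/Version");
  vernum = get_kb_item_or_exit(kb_base + "install/" + i + "/VersionNumber");

  # A result of -1 is treated as "installed version is older than the fix".
  if (ver_compare(ver:vernum, fix:fixnum, strict:FALSE) == -1)
  {
    vuln++;

    if (report_verbosity > 0)
    {
      report +=
        '\n Path : ' + path +
        '\n Installed version : ' + ver +
        '\n Fixed version : ' + fix +
        '\n';
    }
  }
}

if (vuln > 0)
{
  if (report_verbosity > 0)
    security_hole(port:port, extra:report);
  else
    security_hole(port:port);
}
# NOTE(review): only appname is passed to this audit message; confirm whether
# the AUDIT_INST_PATH_NOT_VULN template also expects a version and a path.
else audit(AUDIT_INST_PATH_NOT_VULN, appname);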