6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.027 Low
EPSS
Percentile
90.6%
The version of FileZilla Client on the remote host is a version prior to 3.7.2. As such, it is affected by an integer overflow vulnerability that exists in the βgetstring()β function from PuTTY used to handle SFTP. This can lead to a heap overflow during the SSH handshake prior to authentication, due to improper bounds checking of the length parameter received from the SFTP server. An attacker could exploit this issue by tricking a user into connecting to a specially crafted SFTP server. This could lead to a denial of service, and potentially code execution.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(69476);
script_version("1.5");
script_cvs_date("Date: 2018/11/15 20:50:26");
script_cve_id("CVE-2013-4852");
script_bugtraq_id(61599);
script_name(english:"FileZilla Client < 3.7.2 SFTP Integer Overflow");
script_summary(english:"Checks version of FileZilla");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application that is affected by a
remote integer overflow vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of FileZilla Client on the remote host is a version prior
to 3.7.2. As such, it is affected by an integer overflow vulnerability
that exists in the 'getstring()' function from PuTTY used to handle
SFTP. This can lead to a heap overflow during the SSH handshake prior
to authentication, due to improper bounds checking of the length
parameter received from the SFTP server. An attacker could exploit this
issue by tricking a user into connecting to a specially crafted SFTP
server. This could lead to a denial of service, and potentially code
execution.");
script_set_attribute(attribute:"see_also", value:"https://www.search-lab.hu/advisories/secadv-20130722");
script_set_attribute(attribute:"see_also", value:"https://filezilla-project.org/");
script_set_attribute(attribute:"solution", value:"Upgrade to FileZilla Client 3.7.2 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/05");
script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:filezilla:filezilla");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_dependencies("filezilla_client_installed.nasl");
script_require_keys("SMB/Registry/Enumerated", "SMB/filezilla/Installed");
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("misc_func.inc");
appname = "FileZilla Client";
kb_base = "SMB/filezilla/";
port = kb_smb_transport();
fix = "3.7.2";
fixnum = fix;
report = "";
installs = get_kb_item_or_exit(kb_base + "installs");
for (i = 0; i < installs; i++)
{
path = get_kb_item_or_exit(kb_base + "install/" + i + "/Path");
ver = get_kb_item_or_exit(kb_base + "install/" + i + "/Version");
vernum = get_kb_item_or_exit(kb_base + "install/" + i + "/VersionNumber");
if (ver_compare(ver:vernum, fix:fixnum, strict:FALSE) == -1)
{
if (report_verbosity > 0)
{
report +=
'\n Path : ' + path +
'\n Installed version : ' + ver +
'\n Fixed version : ' + fix +
'\n';
}
}
}
if (report != "")
{
if (report_verbosity > 0)
security_warning(port:port, extra:report);
else
security_warning(port:port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, appname);