FileZilla psftp.exe Multiple Function Remote Overflow

2005-02-24T01:23:58
ID OSVDB:14662
Type osvdb
Reporter OSVDB
Modified 2005-02-24T01:23:58

Description

Vulnerability Description

A remote overflow exists in FileZilla. Multiple functions in the 'psftp.exe' application fail to perform proper bounds checking, resulting in an integer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Upgrade to version 2.2.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://filezilla.sourceforge.net/
Vendor Specific News/Changelog Entry: http://sourceforge.net/forum/forum.php?forum_id=447540
Security Tracker: 1013292
Related OSVDB ID: 14003
Related OSVDB ID: 14002