MGASA-2021-0434 Updated proftpd packages fix security vulnerability

Fixes memory disclosure to RADIUS servers by modradius. Ftp clients like filezilla fail to detect locale with in log : "Status: Server does not support non-ASCII characters." This comes from proftpd MultilineRFC2228 directive enabled by default. Without this directive Filezilla is able to enable...

Updated proftpd packages fix security vulnerability

Fixes memory disclosure to RADIUS servers by modradius. Ftp clients like filezilla fail to detect locale with in log : "Status: Server does not support non-ASCII characters." This comes from proftpd MultilineRFC2228 directive enabled by default. Without this directive Filezilla is able to enable...

Updated filezilla packages fix security vulnerability

filezilla embeds a PuTTY client that was vulnerable: PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by...

MGASA-2021-0380 Updated filezilla packages fix security vulnerability

filezilla embeds a PuTTY client that was vulnerable: PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by...

Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach

The FireEye Front Line Applied Research & Expertise FLARE Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the la...

FileZilla: Untrusted search path

Background FileZilla is an open source FTP client. Description It was discovered that FileZilla uses an untrusted search path. Impact An attacker could use a malicious binary to escalate privileges. Workaround There is no known workaround at this time. Resolution All FileZilla users should upgrad...

GLSA-202007-51 : FileZilla: Untrusted search path

The remote host is affected by the vulnerability described in GLSA-202007-51 FileZilla: Untrusted search path It was discovered that FileZilla uses an untrusted search path. Impact : An attacker could use a malicious binary to escalate privileges. Workaround : There is no known workaround at this...

Fedora 32 : filezilla / libfilezilla (2020-74dd64990b)

3.48.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc. The...

[SECURITY] Fedora 32 Update: filezilla-3.48.1-1.fc32

FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS FTPS and SSH File Transfer Protocol SFT P - Cross-platform - Available in many languages - Supports resume and transfer of large files greater than 4GB - Easy to use Site Manager and transf...

Fedora: Security Advisory for filezilla (FEDORA-2020-74dd64990b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FileZilla: FileZilla 3.46.3 - 'Scale factor' Buffer Overflow

Summary: FileZilla in has a problem in the "Scale Factor" field is vulnerable to a Buffer Over Flow attack or a denial attack. Adding random characters in an entry that must accept only Float input type values. Steps To Reproduce: A python file of name generatepaste.py was generated for the...

Updated filezilla packages fix security vulnerability

Updated filezilla packages fix bugs and a security vulnerability: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. For other fixes in this update,...

MGASA-2019-0417 Updated filezilla packages fix security vulnerability

Updated filezilla packages fix bugs and a security vulnerability: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. For other fixes in this update,...

Fedora 29 : filezilla / libfilezilla (2019-6e77507660)

Bugfixes, and a security fix: Fixed vulnerabilities : Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. Note that Tenable Network Security has...

Fedora 30 : filezilla / libfilezilla (2019-7b9af09b17)

Bugfixes, and a security fix: Fixed vulnerabilities : Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. Note that Tenable Network Security has...

Fedora Update for filezilla FEDORA-2019-7b9af09b17

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for filezilla FEDORA-2019-6e77507660

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 29 Update: filezilla-3.43.0-1.fc29

FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS FTPS and SSH File Transfer Protocol SFT P - Cross-platform - Available in many languages - Supports resume and transfer of large files 4GB - Easy to use Site Manager and transfer queue - Dr...

[SECURITY] Fedora 30 Update: filezilla-3.43.0-1.fc30

FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS FTPS and SSH File Transfer Protocol SFT P - Cross-platform - Available in many languages - Supports resume and transfer of large files 4GB - Easy to use Site Manager and transfer queue - Dr...

[SECURITY] Fedora 28 Update: filezilla-3.41.2-1.fc28

FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS FTPS and SSH File Transfer Protocol SFT P - Cross-platform - Available in many languages - Supports resume and transfer of large files 4GB - Easy to use Site Manager and transfer queue - Dr...