CVE-2006-6564
published 2006-12-15
Priority P4 · 16 · medium · 4 CVSS 2.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
EXPLOIT
EPSS
5.73%
92.1th percentile
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| filezilla-project | filezilla_server | < 0.9.22 | 0.9.22 |
| filezilla | filezilla | <= 0.9.21 | — |
GHSA
GHSA-42fr-8xjf-ghxh: FileZilla Server before 0
ghsa_unreviewed·2022-05-01·CVSS 4.0
CVE-2006-6565 [MEDIUM] CWE-476 GHSA-42fr-8xjf-ghxh: FileZilla Server before 0
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
GHSA
GHSA-vv3r-m5xq-rhrp: FileZilla Server before 0
ghsa_unreviewed·2022-05-01
CVE-2006-6564 [MEDIUM] GHSA-vv3r-m5xq-rhrp: FileZilla Server before 0
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
No detection rules found.
Exploit-DB
FileZilla FTP Server 0.9.21 - 'LIST/NLST' Denial of Service
exploitdb·2006-12-11
CVE-2006-6565 FileZilla FTP Server 0.9.21 - 'LIST/NLST' Denial of Service
---
# milw0rm.com [2006-12-11]
Exploit-DB
FileZilla FTP Server 0.9.20b/0.9.21 - 'STOR' Denial of Service
exploitdb·2006-12-09
CVE-2006-6564 FileZilla FTP Server 0.9.20b/0.9.21 - 'STOR' Denial of Service
---
MOV BYTE PTR [ESI+7C],01
07:04:28.330 pid=0F84 tid=03A0 EXCEPTION (unhandled)
Exception C0000005 (ACCESS_VIOLATION writing [0000007C])
EAX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EBX=00476540: 0A 00 00 00 43 00 44 00-55 00 50 00 00 00 00 00
ECX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDX=00D7E2F4: 00 00 00 00 A8 56 37 00-00 00 00 00 00 00 00 00
ESP=00D7E2C8: 00 00 00 00 F0 6E 37 00-2F 93 41 00 F4 E2 D7 00
EBP=0000000C: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
ESI=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDI=00000060: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EIP=00449427: C6 46 7C 01 8B 4F 18 B8-08 00 00 00 3B C8 72 05
--> MOV BYTE PTR [ESI+7C],01
07:04:2
http://retrogod.altervista.org/filezilla_0921_dos.html
http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558
http://www.vupen.com/english/advisories/2006/4937
https://exchange.xforce.ibmcloud.com/vulnerabilities/30853