CVE-2006-6565
published 2006-12-15


Priority: P4 · 28 · medium
CVSS 2.0: 4 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
EXPLOIT
EPSS: 70.30% (99.3th percentile)
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.

Affected (1 range)

Vendor: filezilla-project
Product: filezilla_server
Version range: < 0.9.22
Fixed in: 0.9.22

Detection & IOCs (extracted from sources)

command: LIST *
command: NLST *
other: FileZilla Server version ([0-9.]+)
  • Detect vulnerable FileZilla Server by banner grabbing: match 'FileZilla' in banner and check version is less than 0.9.22
  • Extract version from FTP banner using regex pattern 'FileZilla Server version ([0-9.]+)' to identify vulnerable instances
  • Shodan query 'product:"FileZilla"' can be used to identify exposed FileZilla FTP servers for assessment
  • The exploit sequence involves sending a malformed PORT command followed by a LIST command, causing the server to attempt a write to a NULL pointer
  • CVE analysis notes the root cause may be a malformed PORT command rather than (or in addition to) wildcard LIST/NLST arguments; both attack vectors should be considered
  • Exploitation requires authentication (Au:S in CVSS), so the attacker must have valid FTP credentials to trigger the DoS
  • This CVE covers a different set of vectors than CVE-2006-6564, which is a related but distinct FileZilla DoS vulnerability
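A banner-based version check that implements the two detection bullets above (match 'FileZilla' in the greeting, pull the version with the regex listed under IOCs, compare it numerically against 0.9.22). This is an added example, not code from cvebase or the FileZilla project; the sample banners are constructed, and grab_banner is a hypothetical helper for checking a host you administer.

```python
import re
import socket

# Regex from the IOC list above, applied to the FTP greeting banner.
VERSION_RE = re.compile(r"FileZilla Server version ([0-9.]+)")
FIXED_VERSION = (0, 9, 22)  # first release not affected by CVE-2006-6565


def parse_version(text):
    """Turn '0.9.21' into (0, 9, 21) so comparison is numeric, not lexical
    ('0.9.9' < '0.9.22' is False as strings but True as tuples)."""
    return tuple(int(part) for part in text.strip(".").split("."))


def extract_version(banner):
    """Return the advertised FileZilla Server version, or None if absent."""
    match = VERSION_RE.search(banner)
    return match.group(1) if match else None


def is_vulnerable(banner):
    """True if the banner advertises FileZilla Server < 0.9.22,
    False if it advertises a fixed version, None if not FileZilla."""
    if "FileZilla" not in banner:
        return None
    version = extract_version(banner)
    if version is None:
        return None  # FileZilla, but version not advertised in the banner
    return parse_version(version) < FIXED_VERSION


def grab_banner(host, port=21, timeout=5.0):
    """Hypothetical helper: read the multi-line 220 greeting from an FTP
    server you are authorised to assess and return it as text."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = b""
        while b"\r\n220 " not in data and not data.startswith(b"220 "):
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", errors="replace")


# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = [
    "220-FileZilla Server version 0.9.21 beta\r\n220-written by Tim Kosse\r\n220 Please visit http://sourceforge.net/projects/filezilla/\r\n",
    "220-FileZilla Server version 0.9.22 beta\r\n220 Please visit http://sourceforge.net/projects/filezilla/\r\n",
    "220-FileZilla Server version 0.9.9\r\n220 ready\r\n",
    "220 ProFTPD 1.3.0 Server ready\r\n",
]


def scan(banners):
    """Map each banner's first line to its vulnerability verdict."""
    return [(b.split("\r\n")[0], is_vulnerable(b)) for b in banners]
```

Running scan(SAMPLE_BANNERS) flags the 0.9.21 and 0.9.9 banners as vulnerable, reports 0.9.22 as fixed, and returns None for the non-FileZilla server.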