CVE-2006-6565
Published: 2006-12-15
Priority: P4 (28) · Severity: medium · CVSS 2.0 base score: 4
CVSS 2.0 vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Exploit: available
EPSS: 70.30% (99.3rd percentile)
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| filezilla-project | filezilla_server | < 0.9.22 | 0.9.22 |
Detection & IOCs (extracted from sources)
- Detect vulnerable FileZilla Server by banner grabbing: match 'FileZilla' in the banner and check that the version is less than 0.9.22.
- Extract the version from the FTP banner using the regex pattern 'FileZilla Server version ([0-9.]+)' to identify vulnerable instances.
- The Shodan query 'product:"FileZilla"' can be used to identify exposed FileZilla FTP servers for assessment.
- The exploit sequence involves sending a malformed PORT command followed by a LIST command, causing the server to attempt a write to a NULL pointer.
- CVE analysis notes the root cause may be a malformed PORT command rather than (or in addition to) wildcard LIST/NLST arguments; both attack vectors should be considered.
- Exploitation requires authentication (Au:S in CVSS), so the attacker must have valid FTP credentials to trigger the DoS.
- This CVE covers a different set of vectors than CVE-2006-6564, which is a related but distinct FileZilla DoS vulnerability.
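The banner-based check from the detection notes above, as an added example (not code from this page or from any of the listed tools): it applies the page's regex to an FTP greeting and compares the version numerically against the fixed release 0.9.22. The sample greetings are constructed for the example, not captured from real hosts.

```python
import re
from typing import Dict, Optional, Tuple

# Pattern quoted in the detection notes; matches greetings such as
# "220-FileZilla Server version 0.9.21 beta"
BANNER_RE = re.compile(r"FileZilla Server version ([0-9.]+)")
FIXED_VERSION = (0, 9, 22)  # first release without the LIST/NLST/PORT crash


def parse_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Return the FileZilla Server version from an FTP greeting as an int tuple, or None."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    # strip() guards against a trailing '.' captured by the [0-9.]+ class
    return tuple(int(part) for part in m.group(1).strip(".").split("."))


def is_vulnerable(banner: str) -> Optional[bool]:
    """True if the banner shows FileZilla Server < 0.9.22, False if >= 0.9.22, None if not FileZilla."""
    version = parse_version(banner)
    if version is None:
        return None
    # Compare as integer tuples: as strings, "0.9.9" < "0.9.22" is False, which would
    # mark an old build as patched.
    return version < FIXED_VERSION


# Constructed sample greetings (hypothetical hosts, not real captures)
SAMPLE_BANNERS: Dict[str, str] = {
    "host-a": "220-FileZilla Server version 0.9.21 beta\r\n220 Please visit http://sourceforge.net/projects/filezilla/\r\n",
    "host-b": "220-FileZilla Server version 0.9.22 beta\r\n",
    "host-c": "220-FileZilla Server version 0.9.9\r\n",
    "host-d": "220 ProFTPD Server ready.\r\n",
}


def triage(banners: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Map each host to its verdict: True (vulnerable), False (fixed), None (not FileZilla)."""
    return {host: is_vulnerable(banner) for host, banner in banners.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {verdict}")
```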
No detection rules found.
Exploit-DB
FileZilla FTP Server 0.9.21 - 'LIST/NLST' Denial of Service (exploitdb, 2006-12-11; CVE-2006-6565)
Source header: # milw0rm.com [2006-12-11]
Nuclei
FileZilla Server < 0.9.22 - DoS via Wildcard Commands (nuclei, CVSS 4.0, severity MEDIUM; CVE-2006-6565)
FileZilla Server versions prior to 0.9.22 are vulnerable to remote denial of service (crash) when processing wildcard arguments to LIST/NLST commands, malformed PORT commands, or other malformed commands. This leads to a NULL pointer dereference that can crash the server.
Template:
```yaml
id: CVE-2006-6565
info:
  name: FileZilla Server < 0.9.22 - DoS via Wildcard Commands
  author: pussycat0x
  severity: medium
  description: |
    FileZilla Server versions prior to 0.9.22 are vulnerable to remote denial of service (crash) when processing wildcard arguments to LIST/NLST commands, malformed PORT commands, or other malformed commands. This leads to NULL pointer dereference that can crash the server.
  impact: |
    Authenticated attackers can cause denial of s
```
Metasploit
FileZilla FTP Server Malformed PORT Denial of Service (metasploit)
This module triggers a Denial of Service condition in FileZilla FTP Server versions 0.9.21 and earlier. By sending a malformed PORT command followed by a LIST command, the server attempts to write to a NULL pointer.
References:
- http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558
- http://www.vupen.com/english/advisories/2006/4937
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30853
- https://www.exploit-db.com/exploits/2914