CVE-2006-6565 : FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to t

FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.

Published 2006-12-15 11:28:00

Updated 2020-07-28 16:36:06

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Threat overview for CVE-2006-6565

Top countries where our scanners detected CVE-2006-6565

Top open port discovered on systems with this issue 21

IPs affected by CVE-2006-6565 278

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2006-6565!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2006-6565

Probability of exploitation activity in the next 30 days: 8.84%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2006-6565

FileZilla FTP Server Malformed PORT Denial of Service

Disclosure Date: 2006-12-11

First seen: 2020-04-26

auxiliary/dos/windows/ftp/filezilla_server_port

This module triggers a Denial of Service condition in the FileZilla FTP Server versions 0.9.21 and earlier. By sending a malformed PORT command then LIST command, the server attempts to write to a NULL pointer. Authors: - aushack <patrick@osisecurity.com.au>

More information

CVSS scores for CVE-2006-6565

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2006-6565

CWE-476 NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-6565

https://exchange.xforce.ibmcloud.com/vulnerabilities/30853

Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.exploit-db.com/exploits/2914

FileZilla FTP Server 0.9.21 - 'LIST/NLST' Denial of Service - Windows dos Exploit
Exploit;Third Party Advisory;VDB Entry
http://www.vupen.com/english/advisories/2006/4937

Third Party Advisory

CVEs referencing this url
http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558

Product;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2006-6565

Filezilla-project » Filezilla Server
Versions before (<) 0.9.22
cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-6565