Vulnerability Details : CVE-2006-6565
Public exploit exists!
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
Vulnerability category: Memory CorruptionDenial of service
Threat overview for CVE-2006-6565
Top countries where our scanners detected CVE-2006-6565
Top open port discovered on systems with this issue
21
IPs affected by CVE-2006-6565 278
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2006-6565!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2006-6565
Probability of exploitation activity in the next 30 days: 8.84%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2006-6565
-
FileZilla FTP Server Malformed PORT Denial of Service
Disclosure Date: 2006-12-11First seen: 2020-04-26auxiliary/dos/windows/ftp/filezilla_server_portThis module triggers a Denial of Service condition in the FileZilla FTP Server versions 0.9.21 and earlier. By sending a malformed PORT command then LIST command, the server attempts to write to a NULL pointer. Authors: - aushack <patrick@osisecurity.com.au>
CVSS scores for CVE-2006-6565
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2006-6565
-
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-6565
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/30853
Third Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/2914
FileZilla FTP Server 0.9.21 - 'LIST/NLST' Denial of Service - Windows dos ExploitExploit;Third Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2006/4937
Third Party Advisory
-
http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558
Product;Third Party Advisory
Products affected by CVE-2006-6565
- cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*