For those who do use the best free FTP utility available, please do
update to the latest version.
FileZilla Unspecified Format String Vulnerabilities Advisory
Available in Danish Advisory Available in German
Secunia Advisory: SA24894
Release Date: 2007-04-16
Critical:
Moderately critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch
Software: FileZilla 2.x
Description:
Some vulnerabilities have been reported in FileZilla, which potentially
can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused due to various unspecified format string
errors. These can potentially be exploited to execute arbitrary code via
e.g. specially crafted server responses or data containing format string
specifiers sent when a user interacts with a malicious FTP server.
The vulnerability is reported in versions prior to 2.2.32.
Solution:
Update to version 2.2.32.
http://sourceforge.net/project/showfiles.php?group_id=21558
Provided and/or discovered by:
Reported by the vendor.
Original Advisory:
http://sourceforge.net/project/showno...?release_id=501534&group_id=21558
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================