(FileZilla Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1011090
|
SecurityTracker URL: http://securitytracker.com/id/1011090
|
|
CVE Reference: CAN-2004-0797
|
Date: Aug 30 2004
|
Impact:
Denial of service via local system, Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 0.9.3
|
Description:
A vulnerability was reported in zlib. A remote user can cause denial of service conditions. FileZilla is affected.
Johan Thelmen reported that a specially crafted file can cause a segmentation fault in zlib.
It is reported that the inflate() and inflateBack() functions do not properly handle errors.
|
Impact:
A user can create a file that, when processed by zlib, will cause a segmentation fault. The specific impact depends on the application using zlib.
|
Solution:
FileZilla is affected by the zlib vulnerability. A fixed version (0.9.3) of FileZilla is available at:
sourceforge.net/forum/forum.php?forum_id=403139
|
Vendor URL: sourceforge.net/forum/forum.php?forum_id=403139
|
Cause:
Exception handling error
|
Underlying OS:
Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Aug 29, 2004
Subject: Security fix in FileZilla Server 0.9.3
|
http://sourceforge.net/forum/forum.php?forum_id=403139
> Posted By: botg
> Date: 2004-08-29 15:41
> Summary: Security fix in FileZilla Server 0.9.3
>
> Recently a security vulnerability in zlib was found which could be used for denial of
> service attacks on all programs using zlib. See
> http://www.openpkg.org/security/OpenPKG-SA-2004.038-zlib.html for details.
>
> Since FileZilla Server uses zlib for MODE Z transfers, it was affected by this
> problem as well. Version 0.9.3 of FileZilla Server has been released to fix this
> vulnerability.
|
|