id: CVE-2009-0884

info:
  name: FileZilla Server < 0.9.31 - SSL/TLS Packet Overflow DoS
  author: pussycat0x
  severity: medium
  description: |
    FileZilla Server versions prior to 0.9.31 contain a buffer overflow vulnerability related to SSL/TLS packet handling. This vulnerability allows remote attackers to cause a denial of service through unspecified vectors involving SSL/TLS packets. This template identifies affected versions from the FTP greeting banner on port 21; it does not send SSL/TLS traffic and does not trigger the overflow.
  impact: |
    Unauthenticated attackers can send specially crafted SSL/TLS packets to trigger the buffer overflow, crashing the FileZilla FTP server and causing a denial of service.
  remediation: |
    Update FileZilla Server to version 0.9.31 or later, which corrects the SSL/TLS packet processing and prevents the buffer overflow.
  reference:
    - http://sourceforge.net/project/shownotes.php?release_id=665428
    - http://www.vupen.com/english/advisories/2009/0603
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/49107
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
    cvss-score: 4.3
    cve-id: CVE-2009-0884
    cwe-id: CWE-120
    epss-score: 0.00295
    epss-percentile: 0.52998
    cpe: cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: filezilla-project
    product: filezilla_server
    shodan-query: product:"FileZilla"
  tags: cve,cve2009,network,ftp,filezilla,tcp,passive,vuln

tcp:
  - host:
      - "{{Hostname}}"
    port: 21
    inputs:
      - data: "00000000"
        type: hex
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'FileZilla')"
          - "compare_versions(version, '< 0.9.31')"
        condition: and

    extractors:
      - type: regex
        name: version
        group: 1
        regex:
          - "FileZilla Server version ([0-9.]+)"
# digest: 4a0a00473045022044173d8a7697dc7e9fa80666a273a5c1841f866aa88f117eb7ca4de83c314429022100ddf3969cdf062039489996006b86f0c83d5db8861a2c7fd022b791a1e0d70f70:922c64590222798bb761d5b6d8e72950
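The check the template performs, re-implemented stand-alone as an added example (this is not code from nuclei-templates or from the FileZilla project): read the greeting on port 21, pull the version out of the `FileZilla Server version X.Y.Z` line with the same regex the extractor uses, and compare it numerically against 0.9.31 the way `compare_versions()` does. The sample greetings, the `grab_banner` helper and the function names are assumptions made for this example; the banners are constructed, not captured from real hosts. It also shows the pitfall a hand-rolled check hits: comparing the version as a string gets `0.9.9` versus `0.9.31` backwards.

```python
"""Stand-alone re-implementation of the template's banner check.
Added example, not part of nuclei-templates; sample banners are constructed."""
import re
import socket
import sys
from typing import Optional, Tuple

# First fixed release, per the template's matcher ('< 0.9.31').
FIXED_VERSION: Tuple[int, ...] = (0, 9, 31)

# Same pattern as the template's extractor; matches the first greeting line
# of affected builds, e.g. "220-FileZilla Server version 0.9.30 beta".
VERSION_RE = re.compile(r"FileZilla Server version ([0-9.]+)")


def parse_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Return the dotted version from the greeting as a tuple of ints, or None.

    Int tuples compare the way compare_versions() does: (0, 9, 9) < (0, 9, 31).
    Comparing the raw strings gets this wrong ("0.9.9" > "0.9.31").
    """
    m = VERSION_RE.search(banner)
    if not m:
        return None
    parts = m.group(1).strip(".").split(".")
    return tuple(int(p) for p in parts if p)


def is_vulnerable(banner: str) -> bool:
    """Mirror the template's two DSL matchers joined with 'and'."""
    if "FileZilla" not in banner:  # contains(raw, 'FileZilla')
        return False
    version = parse_version(banner)
    # compare_versions(version, '< 0.9.31')
    return version is not None and version < FIXED_VERSION


def grab_banner(host: str, port: int = 21, read_size: int = 1024,
                timeout: float = 5.0) -> str:
    """Connect and read up to read_size bytes of the greeting (the template's
    read-size). The FTP server speaks first, so nothing has to be sent and the
    overflow is never exercised. Needs network; not used by the offline samples."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.recv(read_size).decode("latin-1", errors="replace")


# Constructed sample greetings for offline runs (assumed, not real captures).
SAMPLE_BANNERS = {
    "affected": "220-FileZilla Server version 0.9.30 beta\r\n"
                "220 Please visit http://sourceforge.net/projects/filezilla/\r\n",
    "fixed": "220-FileZilla Server version 0.9.31 beta\r\n",
    "later": "220-FileZilla Server version 0.9.60 beta\r\n",
    # Constructed purely to show why the comparison must be numeric.
    "short_component": "220-FileZilla Server version 0.9.9 beta\r\n",
    "other_server": "220 (vsFTPd 3.0.3)\r\n",
    "no_version": "220 FileZilla Server ready\r\n",
}


def check_samples() -> dict:
    """Evaluate every constructed banner; returns {name: vulnerable?}."""
    return {name: is_vulnerable(b) for name, b in SAMPLE_BANNERS.items()}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live mode: python3 check.py <host>
        banner = grab_banner(sys.argv[1])
        print(banner.strip())
        print("vulnerable:", is_vulnerable(banner))
    else:
        for name, result in check_samples().items():
            print(f"{name:16s} vulnerable={result}")
```

Like the template, this is a version fingerprint, not proof of the overflow: a banner that has been edited, or a build that does not print its version, yields no match, and a vulnerable build behind an FTP proxy that rewrites the greeting is missed.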