FileZilla 3.3.2
Date Added: Feb 23, 2010 07:50 AM
Publisher's Description:
FileZilla 3.1.0.1 fixes a vulnerability regarding the way some errors are handled on SSL/TLS secured data transfers.
If the data connection of a transfer gets closed, FileZilla did not check if the server performed an orderly TLS shutdown.
Impact
An attacker could send spoofed FIN packets to the client. Even though GnuTLS detects this with GNUTLS_E_UNEXPECTED_PACKET_LENGTH, FileZilla did not record a transfer failure in all cases.
Unfortunately not all servers perform an orderly SSL/TLS shutdown. Since this cannot be distinguished from an attack, FileZilla will not be able to download listings or files from such servers.
Affected versions
All versions prior to 3.1.0.1 are affected. This vulnerability has been fixed in 3.1.0.1.
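An added example, not FileZilla's code (FileZilla is C++ on GnuTLS): the same check written against Python's ssl module, where a socket wrapped with suppress_ragged_eofs=False raises ssl.SSLEOFError on a bare TCP close and returns b"" only after the peer's close_notify. FakeTLSSocket and the LISTING bytes are constructed stand-ins so the block runs offline.

```python
import ssl

class TruncatedTransfer(Exception):
    """The data connection ended without an orderly TLS shutdown."""

class FakeTLSSocket:
    """Constructed stand-in for an ssl.SSLSocket created with
    SSLContext.wrap_socket(..., suppress_ragged_eofs=False)."""
    def __init__(self, chunks, orderly_shutdown):
        self._chunks = list(chunks)
        self._orderly = orderly_shutdown

    def recv(self, _size):
        if self._chunks:
            return self._chunks.pop(0)
        if self._orderly:
            return b""  # peer sent close_notify
        # TCP FIN with no close_notify: how a spoofed FIN appears to the client
        raise ssl.SSLEOFError(ssl.SSL_ERROR_EOF, "EOF occurred in violation of protocol")

def receive_naive(tls_sock, chunk_size=16384):
    """Flawed pattern: every end of stream counts as a finished transfer."""
    data = bytearray()
    while True:
        try:
            chunk = tls_sock.recv(chunk_size)
        except ssl.SSLEOFError:
            break  # the TLS layer flagged it, but no failure is recorded
        if not chunk:
            break
        data += chunk
    return bytes(data)

def receive_strict(tls_sock, chunk_size=16384):
    """Only an orderly shutdown (recv() returning b"") completes the transfer."""
    data = bytearray()
    while True:
        try:
            chunk = tls_sock.recv(chunk_size)
        except ssl.SSLEOFError as exc:
            raise TruncatedTransfer(f"closed after {len(data)} bytes, no close_notify") from exc
        if not chunk:
            return bytes(data)
        data += chunk

# Constructed directory listing, split into two TLS reads.
LISTING = [b"-rw-r--r-- 1 ftp ftp 10 a.txt\r\n", b"-rw-r--r-- 1 ftp ftp 20 b.txt\r\n"]
```

receive_strict also rejects a server that simply drops the connection without close_notify, which is the compatibility cost the description mentions.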
Documentation: http://filezilla-project.org/
Last Download: May 01, 2024 04:45 AM
Downloads: 419
OS: Windows