FileZilla SSL/TLS Secure Data Transfer Vulnerability
Report ID: SA200906330
Source: F-Secure
Date of Discovery: 17.12.2009
Criticality: Low
Affects: FileZilla Client 2.x, FileZilla Client 3.x
Compromise From: From local network
Compromise Type: Security bypass
Summary
A vulnerability has been reported in the FileZilla file transfer client which, if exploited, can allow a local attacker to bypass native security mechanisms on the system.
Detailed Description
The vulnerability revolves around improper handling of errors in SSL/TLS secure data transfers. When a data connection is closed, FileZilla does not verify that a proper TLS shutdown (a close_notify alert) took place before the TCP connection ended. This can cause transfer failures, and an attacker on the local network could trigger it by sending spoofed FIN packets to the client.
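As an added illustration of the check the advisory says is missing (this is not FileZilla's code), the following Python works on plaintext TLS record framing and a constructed byte stream, assuming the records have already been read off the connection up to the peer's FIN. In a real session the TLS library decrypts the records and reports the alert, but the decision logic is the same: a TCP close counts as end-of-file only after a close_notify alert has been seen.

```python
import struct

APPLICATION_DATA = 23          # TLS content type for application data records
ALERT = 21                     # TLS content type for alert records
CLOSE_NOTIFY = (1, 0)          # alert level "warning", description close_notify

def record(content_type: int, payload: bytes) -> bytes:
    """Build one TLS record: 1-byte type, 2-byte version (1.2), 2-byte length, body."""
    return struct.pack("!BHH", content_type, 0x0303, len(payload)) + payload

def parse_records(stream: bytes):
    """Yield (content_type, payload) per record; a FIN mid-record is always an error."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("connection closed inside a record header")
        ctype, _version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) != length:
            raise ValueError("connection closed inside a record body")
        yield ctype, payload
        pos += 5 + length

def receive_transfer(stream: bytes, require_close_notify: bool):
    """Return (data, completed) for everything read before the peer's TCP FIN.

    Lax mode takes the FIN alone as end-of-file (the advisory's weakness: a spoofed
    FIN at a record boundary truncates the file unnoticed); strict mode reports the
    transfer as complete only after a close_notify alert was received."""
    data, shutdown_seen = bytearray(), False
    for ctype, payload in parse_records(stream):
        if shutdown_seen:
            raise ValueError("record received after close_notify")
        if ctype == APPLICATION_DATA:
            data += payload
        elif ctype == ALERT and tuple(payload[:2]) == CLOSE_NOTIFY:
            shutdown_seen = True
    return bytes(data), shutdown_seen or not require_close_notify

# Constructed sample streams (plaintext framing; real records would be encrypted)
FILE = b"hello, world\n" * 2
CLEAN = (record(APPLICATION_DATA, FILE[:13]) + record(APPLICATION_DATA, FILE[13:])
         + record(ALERT, bytes(CLOSE_NOTIFY)))
SPOOFED_FIN = record(APPLICATION_DATA, FILE[:13])   # FIN arrived before record two

if __name__ == "__main__":
    for strict in (False, True):
        print("strict" if strict else "lax", receive_transfer(SPOOFED_FIN, strict))
```

The lax mode returns the half file with completed=True, which is exactly how a spoofed FIN becomes a silent truncation; the strict mode returns the same bytes with completed=False, so the client can retry or report the transfer as failed.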