[21094] in bugtraq
SurgeFTP vulnerabilities
daemon@ATHENA.MIT.EDU (SDL Office)
Tue Jun 19 10:23:16 2001
Message-ID: <00a201c0f897$0116de80$0100007f@smax>
From: "SDL Office" <bugtraq@sentry-labs.com>
To: <bugtraq@securityfocus.com>
Date: Tue, 19 Jun 2001 10:08:11 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
[Sentry Research Labs - ID0301061701]
This advisory is provided by www.sentry-labs.com
Note:
This advisory is for information and educational purpouse only! We
are not responsible for any abuse or damage resulting from these
information.
Author:
Siberian
Topic:
Serveral Security Flaws in Surge FTP Server
Affected:
Surdge FTP Server 2.0a
Tested with Windows 98 SE and Surge FTP Server 2.0a Trial
Vendor Status:
Informed, bugfix available
Vendor URL:
http://netwinsite.com/surgeftp/
Preamble:
Surge FTP Server is a US$385 FTP Server Software from Netwin, which come
with serveral features
like webinterface and other intresting features
Issue:
1.) A simple directory transversal bug allows listing of normaly
unaccessable files
2.) FTP allows anybody to DOS the machine with a well known con/con attack.
Exploit:
1.) Connect to the server with anonymous and type "nlist ..."
2.) Connect to the server with anonymous and type cd con/con (yes, this is
well know and works with MANY other too, but we think it should be
filtered).
Workaround:
update to ver 2.0b available form www.netwinsite.com/surgeftp
