Netwin SurgeFTP Malformed Request Denial of Service Vulnerability

SurgeFTP is a FTP Server distributed and maintained by Netwin. SurgeFTP is a configurable, easily maintained ftp server, functional on both the UNIX and Windows platforms.

A problem with the SurgeFTP program could allow a denial of service to legitimate users. This is due to the handling of malformed requests made by a client. It is possible to cause the server to cease functioning by logging in, and requesting a list of first the root directory, then a list of the directory above the root directory. Upon receiving the request, the ftp server resets connections, and ceases operating.

Therefore, it is possible for a malicious user to deny service to legitimate users by passing the predescribed request to the ftp server.


Privacy Statement
Copyright 2010, SecurityFocus