Netwin SurgeFTP Server MS-DOS Device Name Denial of Service Vulnerability

SurgeFTP is a multiplatform FTP server from Netwin Software, with versions supporting Windows NT, 2000, 95 and 98 as well as RedHat Linux 5-7 and FreeBSD.

By attempting to open a directory named for certain MS-DOS devicenames, a remote attacker can cause Windows versions of SurgeFTP to crash, requiring a restart.


Privacy Statement
Copyright 2010, SecurityFocus