SurgeFTP vulnerabilities


Date: Tue, 19 Jun 2001 10:08:11 +0200
From: SDL Office <[email protected]>
To: [email protected]
Subject: SurgeFTP vulnerabilities

[Sentry Research Labs - ID0301061701]

This advisory is provided by www.sentry-labs.com

Note:
This advisory is for information and educational purposes only! We
are not responsible for any abuse or damage resulting from this
information.

Author:
Siberian

Topic:
Several Security Flaws in Surge FTP Server

Affected:
Surge FTP Server 2.0a
Tested with Windows 98 SE and Surge FTP Server 2.0a Trial

Vendor Status:
Informed, bugfix available

Vendor URL:
http://netwinsite.com/surgeftp/

Preamble:
Surge FTP Server is a US$385 FTP Server Software from Netwin, which comes
with several features like a web interface and other interesting features.

Issue:
1.) A simple directory traversal bug allows listing of normally
inaccessible files
2.) FTP allows anybody to DoS the machine with a well-known con/con attack.

Exploit:
1.) Connect to the server with anonymous and type "nlist ..."
2.) Connect to the server with anonymous and type cd con/con (yes, this is
well known and works with MANY others too, but we think it should be
filtered).

Workaround:
update to ver 2.0b available from www.netwinsite.com/surgeftp
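
The filtering the advisory asks for, sketched as an added example (not code from the advisory or from SurgeFTP): a server-side check that rejects multi-dot components and reserved DOS device names before a client path reaches the Windows filesystem. The names `resolve`, `check_component`, `PathRejected`, `RESERVED` and `is_rejected` are hypothetical.

```python
# Added example: all names here are hypothetical, not SurgeFTP's.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}

class PathRejected(ValueError):
    """Raised when a client-supplied path must not reach the filesystem."""

def check_component(part):
    # "..." and longer dot runs: Windows 9x expands them to repeated "..".
    if len(part) >= 3 and set(part) == {"."}:
        raise PathRejected("multi-dot component: %r" % part)
    # Device names match case-insensitively and ignore any extension,
    # so "con", "CON.txt" and "con." all refer to the console device.
    if part.split(".", 1)[0].rstrip(" ").upper() in RESERVED:
        raise PathRejected("reserved device name: %r" % part)

def resolve(cwd, arg):
    """Return the normalized virtual path ("/"-rooted) or raise PathRejected."""
    arg = arg.replace("\\", "/")  # treat both separators alike
    stack = [] if arg.startswith("/") else [p for p in cwd.split("/") if p]
    for part in arg.split("/"):
        part = part.rstrip(" ")  # Windows ignores trailing spaces
        if part in ("", "."):
            continue
        check_component(part)
        if part == "..":
            if not stack:
                raise PathRejected("path escapes the FTP root")
            stack.pop()
        else:
            stack.append(part)
    return "/" + "/".join(stack)

def is_rejected(cwd, arg):
    try:
        resolve(cwd, arg)
    except PathRejected:
        return True
    return False

if __name__ == "__main__":
    # Constructed sample inputs: one benign path, then the advisory's two cases.
    for cwd, arg in [("/pub", "files/readme.txt"), ("/", "..."), ("/", "con/con")]:
        print(cwd, arg, "REJECTED" if is_rejected(cwd, arg) else resolve(cwd, arg))
```

The check runs on the virtual path before it is mapped to a real directory, so the same rules apply to every command that takes a path argument.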


