NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Surgeftp | Netwin | 1.0b (including) | 1.0b (including) |
| Surgeftp | Netwin | 2.0a (including) | 2.0a (including) |
References
- http://netwinsite.com/surgeftp/manual/updates.htm
- http://www.securityfocus.com/archive/1/191916
- http://www.securityfocus.com/bid/2891
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6712
- http://netwinsite.com/surgeftp/manual/updates.htm
- http://www.securityfocus.com/archive/1/191916
- http://www.securityfocus.com/bid/2891
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6712