| VID |
16106 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
According to its banner, the SurgeFTP FTP server has a denial-of-service vulnerability triggered by the LEAK command. SurgeFTP is an FTP server with SSL/TLS security, easy management and cross-platform support. NetWin SurgeFTP versions prior to 2.2m2 are vulnerable to a denial of service when processing the non-standard LEAK command. A remote unauthenticated attacker could exploit this flaw to cause the affected FTP server to either refuse new connections or be unable to send or receive files.
* Note: This check relies solely on the banner of the remote FTP server to assess this vulnerability, so the result might be a false positive.
* References:
  * http://www.security.org.sg/vuln/surgeftp22m1.html
  * http://secunia.com/advisories/14888
  * http://securitytracker.com/id?1013664
  * http://marc.theaimsgroup.com/?l=bugtraq&m=111289226204780&w=2
* Platforms Affected: NetWin SurgeFTP versions prior to 2.2m2; any operating system, any version |
| Recommendation |
Upgrade to the latest version of SurgeFTP (2.2m2 or later), available from the SurgeFTP Web site at http://netwinsite.com/surgeftp/ |
| Related URL |
CVE-2005-1034 (CVE) |
| Related URL |
13054 (SecurityFocus) |
| Related URL |
20011 (ISS) |
|