Vulnerabilities > CVE-2007-3768 - Denial-Of-Service vulnerability in SurgeFTP

CVSS 8.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

COMPLETE

network

low complexity

netwin

NVD

Published: 2007-07-15

Updated: 2017-07-29

Summary

The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.

Vulnerable Configurations

Part	Description	Count
Application	Netwin Netwin Surgeftp 1.1H Netwin Surgeftp 2.0C Netwin Surgeftp 2.0D Netwin Surgeftp 2.0E Netwin Surgeftp 2.0F Netwin Surgeftp 2.2K1 Netwin Surgeftp 2.2K3 Netwin Surgeftp 2.2M1 Netwin Surgeftp 2.3A1	9

References

http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt
http://marc.info/?l=full-disclosure&m=118409539009277&w=2
http://osvdb.org/37909
http://secunia.com/advisories/26061
http://securityreason.com/securityalert/2883
http://www.vupen.com/english/advisories/2007/2528
https://exchange.xforce.ibmcloud.com/vulnerabilities/35376