Position:home>Data disaster early warning> SurgeFTP Content-Length empty finger cites reject to serve flaw
SurgeFTP Content-Length empty finger cites reject to serve flaw
From;  Author:Stand originally

Get influence system:
NetWin SurgeFTP <= 2.3a2

Description:
SurgeFTP is program of service of a FTP, offer administrative interface program.

The process Web of SurgeFTP manages interface to handle flaw of the existence when deformation requests data, long-range aggressor may use this flaw to bring about a service to cannot be used.

If the client carries the sentence that delivered Content-Length parameter, the amount that SurgeFTP can try to be appointed according to this field place allocates memory (it is 2147483647 byte at most) , copy data creates buffer next. Because bisect deserves to fail an inspection as a result, if cannot allocate place to appoint quantitative memory, spark possibly during the copy empty finger cites, bring about whole server to break down.

Manufacturer patch:
At present the manufacturer has not offerred a patch to perhaps upgrade program, the homepage that we suggest the user that uses this software pays close attention to a manufacturer at any time in order to get newest version:

Http://netwinsite.com/