Notified: December 20, 2001 Updated: January 16, 2002
Affected
"Surgeftp has many settings, and you can configure it to give you access to the entire filesystem with access rights of the username that you logged in with, which works great when you have it all set up correctly, unfortunately Windows isn't configured in the best way (from fresh install) for the access rights to work correctly."
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.