Notified:  December 20, 2001 Updated: January 16, 2002

Status

Affected

Vendor Statement

"Surgeftp has many settings, and you can configure it to give you access to the entire filesystem with access rights of the username that you logged in with, which works great when you have it all set up correctly, unfortunately Windows isn't configured in the best way (from fresh install) for the access rights to work correctly."

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.