home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker's Arsenal - The Cutting Edge of Hacking
/
Hacker's Arsenal - The Cutting Edge of Hacking.iso
/
texts
/
misc
/
serve-U_DoS.txt
< prev
next >
Wrap
Internet Message Format
|
2001-07-11
|
2KB
Date: Thu, 11 Feb 1999 21:36:13 -0600
From: Ryan Sweat <ryans@IH2000.NET>
To: BUGTRAQ@netspace.org
Subject: Buffer overflow in Serve-U
I have successfully reprocuded this overflow in the newest Version of Serve-U.
It totally crashes the ftp program, and also causes stack fault module in tcp/ip stack rendering
the network connectivity useless. About 10 seconds later, the machine will become unresponsive
and has to be hard rebooted. This affects every Win98 machine i have tested on, however, an NT
box with SP4 hung the program until the exploit was killed, but not crashing the serve-u itself.
The exploit is very simple.
Send a file about 1 meg in size to serve-u's ftp port (21). This can be done with
cat filename | nc hostname 21
Ryan Sweat
ryans@ih2000.net
----------------------------------------------------------------------------------
Date: Fri, 12 Feb 1999 21:04:55 -0500
>From: Rob Beckers <Rob@cat-soft.com>
Reply-To: serv-u@cat-soft.com
To: serv-u@cat-soft.com
Subject: Re: FW: Buffer overflow in Serve-U
As far as I know Serv-U v2.4a won't crash on NT4. It will crash on Win95/98
if someone sends large blocks of junk. I've traced those crashes to happen
in KERNEL32.EXE, and the call stack does not show any Serv-U involvement
(except that the DLL was working on Serv-U's behalf so it crashes the
Serv-U task). This seems to be a bug in MS's socket stack and not something
I can fix.
If someone has code that crashes Serv-U 2.4a on NT4 please let me know. I'd
be very interested in tracing the crash in Serv-U in that case, and fix
things if possible.
Rob
-/-
-- "An eye for an eye will leave the whole world blind" (Gandhi) --
Check out http://www.ftpserv-u.com for all about Serv-U v2.4a