home *** CD-ROM | disk | FTP | other *** search
- Date: Thu, 11 Feb 1999 21:36:13 -0600
- From: Ryan Sweat <ryans@IH2000.NET>
- To: BUGTRAQ@netspace.org
- Subject: Buffer overflow in Serve-U
-
- áááá I have successfully reprocuded this overflow in the newest Version of Serve-U.
- It totally crashes the ftp program, and also causes stack fault module in tcp/ip stack rendering
- the network connectivity useless.á About 10 seconds later, the machine will become unresponsive
- and has to be hard rebooted.á This affects every Win98 machine i have tested on, however, an NT
- box with SP4 hung the program until the exploit was killed, but not crashing the serve-u itself.
- áááá The exploit is very simple.
- Send a file about 1 meg in size to serve-u's ftp port (21).á This can be done with
- áááá cat filename | nc hostname 21
- á
- Ryan Sweat
- ryans@ih2000.net
-
- ----------------------------------------------------------------------------------
-
- Date: Fri, 12 Feb 1999 21:04:55 -0500
- >From: Rob Beckers <Rob@cat-soft.com>
- Reply-To: serv-u@cat-soft.com
- To: serv-u@cat-soft.com
- Subject: Re: FW: Buffer overflow in Serve-U
-
- As far as I know Serv-U v2.4a won't crash on NT4. It will crash on Win95/98
- if someone sends large blocks of junk. I've traced those crashes to happen
- in KERNEL32.EXE, and the call stack does not show any Serv-U involvement
- (except that the DLL was working on Serv-U's behalf so it crashes the
- Serv-U task). This seems to be a bug in MS's socket stack and not something
- I can fix.
-
- If someone has code that crashes Serv-U 2.4a on NT4 please let me know. I'd
- be very interested in tracing the crash in Serv-U in that case, and fix
- things if possible.
-
- Rob
- -/-
-
- -- "An eye for an eye will leave the whole world blind" (Gandhi) --
- Check out http://www.ftpserv-u.com for all about Serv-U v2.4a
-
-
