[9512] in bugtraq
Buffer overflow in Serve-U
daemon@ATHENA.MIT.EDU (Ryan Sweat)
Fri Feb 12 17:22:33 1999
Date: Thu, 11 Feb 1999 21:36:13 -0600
Reply-To: Ryan Sweat <ryans@IH2000.NET>
From: Ryan Sweat <ryans@IH2000.NET>
To: BUGTRAQ@NETSPACE.ORG
I have successfully reproduced this overflow in the newest version of Serve-U.

It totally crashes the ftp program, and also causes stack fault module in tcp/ip stack rendering the network connectivity useless. About 10 seconds later, the machine will become unresponsive and has to be hard rebooted. This affects every Win98 machine I have tested on, however, an NT box with SP4 hung the program until the exploit was killed, but not crashing the serve-u itself.

The exploit is very simple.
Send a file about 1 meg in size to serve-u's ftp port (21). This can be done with

cat filename | nc hostname 21

Ryan Sweat
ryans@ih2000.net
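
An added example, not part of the original post and not Serv-U code: a control-channel reader that bounds every FTP command line and signals the caller to drop the connection on oversized input of the kind described above. The 512-byte cap and all names here are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FTP_MAX_LINE 512  /* assumed cap on bytes before LF; RFC 959 sets none */
enum { FTP_OK = 0, FTP_TOO_LONG = -1 };

struct ftp_reader {
    char   line[FTP_MAX_LINE + 1]; /* command being accumulated */
    char   last[FTP_MAX_LINE + 1]; /* most recent complete command */
    size_t len;                    /* bytes buffered in line */
    size_t commands;               /* complete commands seen so far */
};

void ftp_reader_init(struct ftp_reader *r) { memset(r, 0, sizeof *r); }

/* Feed bytes as they arrive from the socket. Returns FTP_TOO_LONG as soon as
 * a line would exceed the cap; the caller should then close the connection. */
int ftp_reader_feed(struct ftp_reader *r, const char *data, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        char c = data[i];
        if (c == '\n') {
            if (r->len > 0 && r->line[r->len - 1] == '\r')
                r->len--;                     /* strip the CR of CRLF */
            r->line[r->len] = '\0';
            memcpy(r->last, r->line, r->len + 1);
            r->commands++;
            r->len = 0;
            continue;
        }
        if (r->len >= FTP_MAX_LINE)           /* bound check before every write */
            return FTP_TOO_LONG;
        r->line[r->len++] = c;
    }
    return FTP_OK;
}

int main(void)
{
    static char flood[1 << 20];   /* constructed input: 1 MiB, no line ending */
    struct ftp_reader r;
    memset(flood, 'A', sizeof flood);
    ftp_reader_init(&r);
    ftp_reader_feed(&r, "USER anonymous\r\n", 16);
    printf("commands=%zu last=%s\n", r.commands, r.last);
    printf("flood -> %d\n", ftp_reader_feed(&r, flood, sizeof flood));
    return 0;
}
```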