[9560] in bugtraq
Re: FW: Buffer overflow in Serve-U (fwd)
daemon@ATHENA.MIT.EDU (Chuck Rock)
Sat Feb 13 17:21:15 1999
Date: Sat, 13 Feb 1999 10:50:40 -0600
Reply-To: Chuck Rock <carock@KIRA.EPCONLINE.NET>
From: Chuck Rock <carock@KIRA.EPCONLINE.NET>
To: BUGTRAQ@NETSPACE.ORG
This message is forwarded from one of the programmers for Serv-U FTP
software....
---------- Forwarded message ----------
Date: Fri, 12 Feb 1999 21:04:55 -0500
From: Rob Beckers <Rob@cat-soft.com>
Reply-To: serv-u@cat-soft.com
To: serv-u@cat-soft.com
Subject: Re: FW: Buffer overflow in Serve-U
As far as I know Serv-U v2.4a won't crash on NT4. It will crash on Win95/98
if someone sends large blocks of junk. I've traced those crashes to happen
in KERNEL32.EXE, and the call stack does not show any Serv-U involvement
(except that the DLL was working on Serv-U's behalf so it crashes the
Serv-U task). This seems to be a bug in MS's socket stack and not something
I can fix.
If someone has code that crashes Serv-U 2.4a on NT4 please let me know. I'd
be very interested in tracing the crash in Serv-U in that case, and fix
things if possible.
Rob
-/-
-- "An eye for an eye will leave the whole world blind" (Gandhi) --
Check out http://www.ftpserv-u.com for all about Serv-U v2.4a
-------------------------------------------------------------------
--On Friday, February 12, 1999, 2:34 PM -0500 Chuck Rock
<carock@epconline.net> wrote:
> Is this for real?
>
> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@netspace.org] On Behalf Of Ryan Sweat
> Sent: Thursday, February 11, 1999 9:36 PM
> To: BUGTRAQ@netspace.org
> Subject: Buffer overflow in Serve-U
>
>
> I have successfully reprocuded this overflow in the newest Version of
> Serve-U.
> It totally crashes the ftp program, and also causes stack fault module in
> tcp/ip stack rendering the network connectivity useless. About 10 seconds
> later, the machine will become unresponsive and has to be hard rebooted.
> This affects every Win98 machine i have tested on, however, an NT box with
> SP4 hung the program until the exploit was killed, but not crashing the
> serve-u itself.
> The exploit is very simple.
> Send a file about 1 meg in size to serve-u's ftp port (21). This can be
> done with
> cat filename | nc hostname 21
>
> Ryan Sweat
> ryans@ih2000.net
>
To leave the Serv-U discussion list send E-mail to:
Serv-U-request@cat-soft.com with a single line in the
message body, reading "unsubscribe" (without quotes)
