This message is forwarded from one of the programmers for Serv-U FTP software.... ---------- Forwarded message ---------- Date: Fri, 12 Feb 1999 21:04:55 -0500 From: Rob Beckers <Rob@cat-soft.com> Reply-To: serv-u@cat-soft.com To: serv-u@cat-soft.com Subject: Re: FW: Buffer overflow in Serve-U As far as I know Serv-U v2.4a won't crash on NT4. It will crash on Win95/98 if someone sends large blocks of junk. I've traced those crashes to happen in KERNEL32.EXE, and the call stack does not show any Serv-U involvement (except that the DLL was working on Serv-U's behalf so it crashes the Serv-U task). This seems to be a bug in MS's socket stack and not something I can fix. If someone has code that crashes Serv-U 2.4a on NT4 please let me know. I'd be very interested in tracing the crash in Serv-U in that case, and fix things if possible. Rob -/- -- "An eye for an eye will leave the whole world blind" (Gandhi) -- Check out http://www.ftpserv-u.com for all about Serv-U v2.4a ------------------------------------------------------------------- --On Friday, February 12, 1999, 2:34 PM -0500 Chuck Rock <carockat_private> wrote: > Is this for real? > > -----Original Message----- > From: Bugtraq List [mailto:BUGTRAQat_private] On Behalf Of Ryan Sweat > Sent: Thursday, February 11, 1999 9:36 PM > To: BUGTRAQat_private > Subject: Buffer overflow in Serve-U > > > I have successfully reprocuded this overflow in the newest Version of > Serve-U. > It totally crashes the ftp program, and also causes stack fault module in > tcp/ip stack rendering the network connectivity useless. About 10 seconds > later, the machine will become unresponsive and has to be hard rebooted. > This affects every Win98 machine i have tested on, however, an NT box with > SP4 hung the program until the exploit was killed, but not crashing the > serve-u itself. > The exploit is very simple. > Send a file about 1 meg in size to serve-u's ftp port (21). This can be > done with > cat filename | nc hostname 21 > > Ryan Sweat > ryansat_private > To leave the Serv-U discussion list send E-mail to: Serv-U-request@cat-soft.com with a single line in the message body, reading "unsubscribe" (without quotes)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:34:36 PDT