Re: FW: Buffer overflow in Serve-U (fwd)

From: Chuck Rock (carockat_private)
Date: Sat Feb 13 1999 - 08:50:40 PST


    This message is forwarded from one of the programmers for Serv-U FTP
    software....
    
    ---------- Forwarded message ----------
    Date: Fri, 12 Feb 1999 21:04:55 -0500
    From: Rob Beckers <Rob@cat-soft.com>
    Reply-To: serv-u@cat-soft.com
    To: serv-u@cat-soft.com
    Subject: Re: FW: Buffer overflow in Serve-U
    
    As far as I know Serv-U v2.4a won't crash on NT4. It will crash on Win95/98
    if someone sends large blocks of junk. I've traced those crashes to happen
    in KERNEL32.EXE, and the call stack does not show any Serv-U involvement
    (except that the DLL was working on Serv-U's behalf so it crashes the
    Serv-U task). This seems to be a bug in MS's socket stack and not something
    I can fix.
    
    If someone has code that crashes Serv-U 2.4a on NT4 please let me know. I'd
    be very interested in tracing the crash in Serv-U in that case, and fix
    things if possible.
    
            Rob
            -/-
    
    -- "An eye for an eye will leave the whole world blind" (Gandhi) --
        Check out http://www.ftpserv-u.com for all about Serv-U v2.4a
    -------------------------------------------------------------------
    
    
    --On Friday, February 12, 1999, 2:34 PM -0500 Chuck Rock
    <carockat_private> wrote:
    
    > Is this for real?
    >
    > -----Original Message-----
    > From: Bugtraq List [mailto:BUGTRAQat_private] On Behalf Of Ryan Sweat
    > Sent: Thursday, February 11, 1999 9:36 PM
    > To: BUGTRAQat_private
    > Subject: Buffer overflow in Serve-U
    >
    >
    >      I have successfully reproduced this overflow in the newest version of
    > Serve-U.
    > It totally crashes the ftp program, and also causes stack fault module in
    > tcp/ip stack rendering the network connectivity useless.  About 10 seconds
    > later, the machine will become unresponsive and has to be hard rebooted.
    > This affects every Win98 machine I have tested on, however, an NT box with
    > SP4 hung the program until the exploit was killed, but not crashing the
    > serve-u itself.
    >      The exploit is very simple.
    > Send a file about 1 meg in size to serve-u's ftp port (21).  This can be
    > done with
    >      cat filename | nc hostname 21
    >
    > Ryan Sweat
    > ryansat_private
    >
    
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:34:36 PDT