`Date: Thu, 11 Feb 1999 21:36:13 -0600
From: Ryan Sweat <[email protected]>
To: [email protected]
Subject: Buffer overflow in Serve-U
I have successfully reproduced this overflow in the newest version of Serve-U.
It totally crashes the ftp program, and also causes stack fault module in tcp/ip stack rendering
the network connectivity useless. About 10 seconds later, the machine will become unresponsive
and has to be hard rebooted. This affects every Win98 machine I have tested on, however, an NT
box with SP4 hung the program until the exploit was killed, but not crashing the serve-u itself.
The exploit is very simple.
Send a file about 1 meg in size to serve-u's ftp port (21). This can be done with
cat filename | nc hostname 21
Ryan Sweat
[email protected]
----------------------------------------------------------------------------------
Date: Fri, 12 Feb 1999 21:04:55 -0500
From: Rob Beckers <[email protected]>
Reply-To: [email protected]
To: [email protected]
Subject: Re: FW: Buffer overflow in Serve-U
As far as I know Serv-U v2.4a won't crash on NT4. It will crash on Win95/98
if someone sends large blocks of junk. I've traced those crashes to happen
in KERNEL32.EXE, and the call stack does not show any Serv-U involvement
(except that the DLL was working on Serv-U's behalf so it crashes the
Serv-U task). This seems to be a bug in MS's socket stack and not something
I can fix.
If someone has code that crashes Serv-U 2.4a on NT4 please let me know. I'd
be very interested in tracing the crash in Serv-U in that case, and fix
things if possible.
Rob
-/-
-- "An eye for an eye will leave the whole world blind" (Gandhi) --
Check out http://www.ftpserv-u.com for all about Serv-U v2.4a
`