FTP Serv-U Subject to DoS - 30 Nov 1999

 
FTP Serv-U Server Subject to DoS
Reported December 2, 1999 by USSRLABS

VERSIONS AFFECTED
FTP Serv-U v2.5a

DESCRIPTION

UssrLabs reported a possible denial of service attack against FTP Serv-U v2.5a due to a buffer overflow condition. The buffer overflow is caused by a malformed SITE command.

DEMONSTRATION

A demonstration program is available at http://www.ussrback.com/servu

VENDOR RESPONSE

Deerfield.com has been aware of the problem and has released a new version, v2.5b, that corrects this issue.

CREDITS
Discovered by USSRLABS, who acknowledged Dark Spyrit for help
