Date: Thu, 11 Feb 1999 21:36:13 -0600 From: Ryan Sweat To: BUGTRAQ@netspace.org Subject: Buffer overflow in Serve-U      I have successfully reprocuded this overflow in the newest Version of Serve-U. It totally crashes the ftp program, and also causes stack fault module in tcp/ip stack rendering the network connectivity useless.  About 10 seconds later, the machine will become unresponsive and has to be hard rebooted.  This affects every Win98 machine i have tested on, however, an NT box with SP4 hung the program until the exploit was killed, but not crashing the serve-u itself.      The exploit is very simple. Send a file about 1 meg in size to serve-u's ftp port (21).  This can be done with      cat filename | nc hostname 21   Ryan Sweat ryans@ih2000.net ---------------------------------------------------------------------------------- Date: Fri, 12 Feb 1999 21:04:55 -0500 >From: Rob Beckers Reply-To: serv-u@cat-soft.com To: serv-u@cat-soft.com Subject: Re: FW: Buffer overflow in Serve-U As far as I know Serv-U v2.4a won't crash on NT4. It will crash on Win95/98 if someone sends large blocks of junk. I've traced those crashes to happen in KERNEL32.EXE, and the call stack does not show any Serv-U involvement (except that the DLL was working on Serv-U's behalf so it crashes the Serv-U task). This seems to be a bug in MS's socket stack and not something I can fix. If someone has code that crashes Serv-U 2.4a on NT4 please let me know. I'd be very interested in tracing the crash in Serv-U in that case, and fix things if possible. Rob -/- -- "An eye for an eye will leave the whole world blind" (Gandhi) -- Check out http://www.ftpserv-u.com for all about Serv-U v2.4a