Bugtraq mailing list archives

Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability

From: labs () USSRBACK COM (Ussr Labs)
Date: Thu, 2 Dec 1999 07:14:37 -0300


Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability

PROBLEM:

UssrLabs found a Local/Remote DoS Attack in Serv-U FTP-Server v2.5a,

The buffer overflow is caused by a bad Formed (SITE) command

For the source / binary of this remote / local D.O.S

Go to: http://www.ussrback.com/servu/

Vendor Status:
Informed,  technical support request number is 101562

Vendor   Url:  http://ftpserv-u.deerfield.com/
Program Url: http://ftpserv-u.deerfield.com/download.cfm

Credit: thanks to dark spyrit for letting us know about this.

SOLUTION
    Nothing yet.

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
http://www.ussrback.com

Current thread:

Fwd: RE: Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability Arvel Hathcock (Nov 30)
- Re: Multiples Remotes DoS Attacks in MDaemonServer v2.8.5.0Vulnerability Nobuo Miwa (Dec 01)
- Insecure default permissions for MailMan Professional Edition, version 3.0.18 S, Jared (Dec 01)
- Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability Ussr Labs (Dec 02)
- Slackware 7.0 - login bug Stewart Gebbie (Dec 02)