Serv-U Buffer Overflow




Date: Thu, 11 Feb 1999 21:36:13 -0600
From: Ryan Sweat <ryans@IH2000.NET>
To: BUGTRAQ@netspace.org
Subject: Buffer overflow in Serve-U

     I have successfully reproduced this overflow in the newest version of Serve-U.
It totally crashes the ftp program, and also causes stack fault module in tcp/ip stack rendering
the network connectivity useless.  About 10 seconds later, the machine will become unresponsive
and has to be hard rebooted.  This affects every Win98 machine I have tested on, however, an NT
box with SP4 hung the program until the exploit was killed, but not crashing the serve-u itself.
     The exploit is very simple.
Send a file about 1 meg in size to serve-u's ftp port (21).  This can be done with
     cat filename | nc hostname 21
 
Ryan Sweat
ryans@ih2000.net

----------------------------------------------------------------------------------

Date: Fri, 12 Feb 1999 21:04:55 -0500
From: Rob Beckers <Rob@cat-soft.com>
Reply-To: serv-u@cat-soft.com
To: serv-u@cat-soft.com
Subject: Re: FW: Buffer overflow in Serve-U

As far as I know Serv-U v2.4a won't crash on NT4. It will crash on Win95/98
if someone sends large blocks of junk. I've traced those crashes to happen
in KERNEL32.EXE, and the call stack does not show any Serv-U involvement
(except that the DLL was working on Serv-U's behalf so it crashes the
Serv-U task). This seems to be a bug in MS's socket stack and not something
I can fix.

If someone has code that crashes Serv-U 2.4a on NT4 please let me know. I'd
be very interested in tracing the crash in Serv-U in that case, and fix
things if possible.

        Rob
        -/-

-- "An eye for an eye will leave the whole world blind" (Gandhi) --
    Check out http://www.ftpserv-u.com for all about Serv-U v2.4a


