COMMAND

    Serve-U (ftpd)

SYSTEMS AFFECTED

    Win 9x

PROBLEM

    Ryan Sweat found following.   He has successfully reprocuded  this
    overflow in the newest Version of Serve-U.  It totally crashes the
    ftp program, and  also causes stack  fault module in  tcp/ip stack
    rendering  the  network  connectivity  useless.   About 10 seconds
    later, the  machine will  become unresponsive  and has  to be hard
    rebooted.  This affects every Win98 machine tested on, however, an
    NT box with SP4 hung the program until the exploit was killed, but
    not crashing  the serve-u  itself.   The exploit  is very  simple.
    Send a file about 1 meg in size to serve-u's ftp port (21).   This
    can be done with

        cat filename | nc hostname 21

    Those crashes happen in KERNEL32.EXE, and the call stack does  not
    show any Serv-U  involvement (except that  the DLL was  working on
    Serv-U's behalf so it crashes the Serv-U task).  This seems to  be
    a bug in MS's socket stack.

SOLUTION

    Nothing yet.