FTP
Serv-U Server Subject to DoS
Reported December 2, 1999 by USSRLABS

VERSIONS AFFECTED

FTP Serv-U v2.5a

DESCRIPTION

USSRLABS reported a possible denial of service attack against FTP Serv-U v2.5a due to a buffer overflow condition. The buffer overflow is caused by a malformed SITE command.

DEMONSTRATION

A demonstration program is available at http://www.ussrback.com/servu

VENDOR RESPONSE

Deerfield.com is aware of the problem and has released a new version, v2.5b, that corrects this issue.

CREDITS

Discovered by USSRLABS, who acknowledged help from Dark Spyrit.