| VID |
12024 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The Serv-U FTP daemon is vulnerable to a denial of service triggered by a large number of null bytes. Serv-U FTP server is a powerful, easy-to-use FTP server for Windows. Serv-U 2.5e is affected by a denial-of-service attack that causes the FTP server to crash. A remote attacker can send a stream containing a large number of null bytes, as follows:
0x000x00...["0x000x00(null byte)"*5000]...0x000x00
This causes a stack fault in the server and crashes it, resulting in a denial of service. The system on which the Serv-U FTP daemon is running may become sluggish or unstable and eventually bluescreen. The server must be restarted to restore normal functionality.
* Platforms Affected : Serv-U FTP 2.5e or any version
* References: http://www.iss.net/security_center/static/5029.php http://archives.neohapsis.com/archives/bugtraq/2000-08/att-0003/01-servu25e.txt |
| Recommendation |
Upgrade to FTP Serv-U (2.5f or later) or the latest version, available from the FTP Serv-U web site, http://www.serv-u.com, or the Cat Soft web site, http://www.cat-soft.com.
The latest version, FTP Serv-U 4.1.0.3, was released on Jan. 3, 2003. |
| Related URL |
CVE-2000-0837 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|