: 2000 : february : servu - ошибки и эксплоиты

[RU] switch to
English Version
Local / Remote D.o.S Attack in Serv-U FTP-Server v2.5b for Win9x/WinNT Vulnerability



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Пт, 04 фев 2000  08:35:59

   От: Ussr Labs 

 Кому: BUGTRAQ@SECURITYFOCUS.COM

 Тема: Local / Remote D.o.S Attack in Serv-U FTP-Server v2.5b for Win9x/WinNT Vulnerability

--------------------------------------------------------------------------------




-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



Local / Remote D.o.S Attack in Serv-U FTP-Server v2.5b for

Win9x/WinNT Vulnerability



USSR Advisory Code:   USSR-2000032



Release Date:

February 04, 2000



Systems Affected:

Serv-U FTP-Server v2.5b and maybe other versions.

Windows 95

Windows 98

Windows Nt 4.0 WorkStation

Windows Nt 4.0 Server





THE PROBLEM

UssrLabs found a buffer overflow, in one Windows Api

"SHGetPathFromIDList" This function

converts an item identifier list to a file system path, just one Api

who manage Links

files under windows.

If you have one malformed link file you can crash anything who try to

Translate from

.lnk file like EXPLORER.EXE. all common dialogs and so on (copy one

malformed link

file to the desktop,and you cant login intro the machine).

To made Serv-u crash just upload one malformed link file in any

serv-u

directory and type the ftp command LIST, and Server Crashh.



Note:

 this overflow no work under win2k



Example Malformed link in: http://www.ussrback.com/god.lnk



Binary or source for this Exploit:



http://www.ussrback.com/



Vendor Status:

Contacted.



Vendor   Url:  http://ftpserv-u.deerfield.com/

Program Url: http://ftpserv-u.deerfield.com/download.cfm



Credit: USSRLABS



SOLUTION

    Next version, personal code for handle links files.



Greetings:

Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, L0pht, HNN,

Technotronic and

Wiretrip.



u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c

h

http://www.ussrback.com





-----BEGIN PGP SIGNATURE-----

Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>



iQA/AwUBOJplPdybEYfHhkiVEQLY+gCfdMrTXXWhG77MAou3zkh4t9DCa/8AoOjD

N60pKz0Plb4BalLEyZ7CWp2y

=yaYK

-----END PGP SIGNATURE-----