-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Local / Remote D.o.S Attack in Serv-U FTP-Server v2.5b for Win9x/WinNT Vulnerability

USSR Advisory Code: USSR-2000032
Release Date: February 04, 2000

Systems Affected:
Serv-U FTP-Server v2.5b and maybe other versions.
Windows 95
Windows 98
Windows NT 4.0 Workstation
Windows NT 4.0 Server

THE PROBLEM

UssrLabs found a buffer overflow in a Windows API, "SHGetPathFromIDList". This function converts an item identifier list to a file system path; it is one of the APIs that handle link files under Windows. A malformed link file can crash anything that tries to translate a .lnk file, such as EXPLORER.EXE, all the common dialogs and so on (copy a malformed link file to the desktop and you can't log into the machine).

To make Serv-U crash, just upload a malformed link file to any Serv-U directory and type the FTP command LIST, and the server crashes.

Note: this overflow does not work under Win2k.

Example malformed link: http://www.ussrback.com/god.lnk

Binary or source for this Exploit: http://www.ussrback.com/

Vendor Status: Contacted.
Vendor Url: http://ftpserv-u.deerfield.com/
Program Url: http://ftpserv-u.deerfield.com/download.cfm
Credit: USSRLABS

SOLUTION

Next version, with its own code to handle link files.

Greetings: Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, L0pht, HNN, Technotronic and Wiretrip.

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
http://www.ussrback.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use

iQA/AwUBOJpk5tybEYfHhkiVEQKClgCeLGzAF22XekE1PuQl1Gn0YFKWrw0AnjnW
0ERSgzfn2hLW0mykNlSgZeea
=ZU9/
-----END PGP SIGNATURE-----
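
Added example (not part of the USSR advisory and not Serv-U's code): one way a server could screen an uploaded .lnk file before any shell API is asked to translate it. The advisory does not say how its sample file is malformed, so this only checks that the header and the item ID list lengths are self-consistent, using the field layout from Microsoft's published Shell Link format; every function and constant name here is the example's own, and the sample file is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result codes; all names in this file are the example's own. */
enum { LNK_OK, LNK_BAD_HEADER, LNK_TRUNCATED, LNK_BAD_ITEM, LNK_NO_TERMINATOR };
#define LNK_HEADER_SIZE 0x4Cu   /* fixed ShellLinkHeader length */
#define LNK_HAS_IDLIST  0x1u    /* LinkFlags bit: HasLinkTargetIDList */
static const uint8_t LNK_CLSID[16] = { 0x01,0x14,0x02,0x00,0,0,0,0, 0xC0,0,0,0,0,0,0,0x46 };

static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }

/* Validate the header, then walk the item ID list without trusting any length field. */
int lnk_check(const uint8_t *buf, size_t len)
{
    if (len < LNK_HEADER_SIZE) return LNK_TRUNCATED;
    if (rd32(buf) != LNK_HEADER_SIZE || memcmp(buf + 4, LNK_CLSID, 16) != 0)
        return LNK_BAD_HEADER;
    if (!(rd32(buf + 20) & LNK_HAS_IDLIST)) return LNK_OK;  /* no ID list to convert */

    size_t off = LNK_HEADER_SIZE;
    if (len - off < 2) return LNK_TRUNCATED;
    size_t list_len = rd16(buf + off);   /* IDListSize: items plus 2-byte terminator */
    off += 2;
    if (list_len < 2 || list_len > len - off) return LNK_TRUNCATED;

    size_t end = off + list_len;
    while (end - off >= 2) {
        size_t cb = rd16(buf + off);     /* ItemIDSize counts its own 2 bytes */
        if (cb == 0)                     /* terminator must be the last 2 bytes */
            return (off + 2 == end) ? LNK_OK : LNK_BAD_ITEM;
        if (cb < 2 || cb > end - off) return LNK_BAD_ITEM;
        off += cb;
    }
    return LNK_NO_TERMINATOR;
}

/* Constructed 84-byte sample: header plus one item whose declared size is item_cb. */
int lnk_check_sample(uint16_t item_cb, size_t file_len)
{
    uint8_t f[84] = {0};
    f[0] = LNK_HEADER_SIZE; memcpy(f + 4, LNK_CLSID, 16); f[20] = LNK_HAS_IDLIST;
    f[76] = 6;                           /* IDListSize: 4-byte item + terminator */
    f[78] = (uint8_t)(item_cb & 0xFF); f[79] = (uint8_t)(item_cb >> 8);
    return lnk_check(f, file_len);
}

int main(void) { return lnk_check_sample(4, 84) == LNK_OK ? 0 : 1; }
```

A file that fails the check can be rejected or quarantined at upload time, so that a later LIST never hands it to the shell.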