u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h

Local / Remote D.o.S Attack in Serv-U FTP-Server v2.5b for Win9x/WinNT Vulnerability

Serv-u	Serv-U FTP-Server v2.5x and maybe other versions.
Binary D.O.S dserv25b.exe link.bro For the executable Source of Binary D.O.S dserv25b.zip	USSR Advisory Code: USSR-2000032 Release Date: February 04, 2000 Systems Affected: Serv-U FTP-Server v2.5b and maybe other versions. Windows 95 Windows 98 Windows Nt 4.0 WorkStation Windows Nt 4.0 Server THE PROBLEM UssrLabs found a buffer overflow, in one Windows Api "SHGetPathFromIDList" This function converts an item identifier list to a file system path, just one Api who manage Links files under windows. If you have one malformed link file you can crash anything who try to Translate from .lnk file like EXPLORER.EXE. all common dialogs and so on (copy one malformed link file to the desktop,and you cant login intro the machine). To made Serv-u crash just upload one malformed link file in any serv-u directory and type the ftp command LIST, and Server Crashh. Note: this overflow no work under win2k Example Malformed link in: http://www.ussrback.com/god.lnk Vendor Status: Contacted. Vendor Url: http://ftpserv-u.deerfield.com/ Program Url: http://ftpserv-u.deerfield.com/download.cfm Credit: USSRLABS SOLUTION Next version, personal code for handle links files. Greetings: Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, L0pht, HNN, Technotronic and Wiretrip.