From: Ryan Sweat 
To: BUGTRAQ@netspace.org
Date: Thu, 11 Feb 1999 21:36:13 -0600
Subject: Buffer overflow in Serve-U

On Thu, 11 Feb 1999, Ryan Sweat wrote:

     I have successfully reprocuded this overflow in the newest Version 
of Serve-U.  It totally crashes the ftp program, and also causes stack
fault module in tcp/ip stack rendering the network connectivity useless.
About 10 seconds later, the machine will become unresponsive and has to
be hard rebooted.  This affects every Win98 machine i have tested on,
however, an NT box with SP4 hung the program until the exploit was
killed, but not crashing the serve-u itself.
     The exploit is very simple.
Send a file about 1 meg in size to serve-u's ftp port (21).  This can be done with
     cat filename | nc hostname 21

Ryan Sweat
ryans@ih2000.net