[HUC] Serv-U FTPD 3.x/4.x "SITE CHMOD" Command remote exploit V2.0

To: "bugtraq" <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: [HUC] Serv-U FTPD 3.x/4.x "SITE CHMOD" Command remote exploit V2.0
From: "lion" <lion@xxxxxxxxxxxx>
Date: Mon, 2 Feb 2004 19:29:20 +0800
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

/*
*-----------------------------------------------------------------------
* 
* Servu.c - Serv-U FTPD 3.x/4.x "SITE CHMOD" Command
* Remote stack buffer overflow exploit
*
* Copyright (C) 2004 HUC All Rights Reserved.
*
* Author   : lion
*          : lion@xxxxxxxxxxxx
*          : http://www.cnhonker.com
* Date     : 2004-01-25
* Update   : 2004-02-01 v2.0 Change decode and target, can attack windows XP 
now.
*          : 2004-01-25 v1.0 Can attack Serv-U v3.0.0.20~v4.1.0.11
* Tested   : Windows 2000 Server EN/GB
*          :     + Serv-U v3.0.0.20~v4.1.0.11
*          : Windows XP GB
*          :     + Serv-U 4.x
* Notice   : *** Bug find by kkqq kkqq@xxxxxxxxx ***
*          : *** You need a valid account and a writable directory. ***
* Complie  : cl Servu.c
* Usage    : Servu <-i ip> <-t type> [-u user] [-p pass] [-d dir] [-f ftpport] 
[-c cbhost] [-s shellport]
*------------------------------------------------------------------------
*/

　　　　　　　　lion
　　　　　　　　lion@xxxxxxxxxxxx
　　　　　　　　　　2004-02-02

Attachment: servu.c
Description: Binary data

Prev by Date: Re: RFC: virus handling
Next by Date: sqwebmail web login
Previous by thread: MDKSA-2004:006-1 - Updated gaim packages fix multiple vulnerabilities
Next by thread: sqwebmail web login
Index(es):
- Date
- Thread