night^man
I try this on my box and it always gets crashed. How can I stop it?
help
AlessandroIT
Update to 5.0
Hellraiseruk
Agree with AlessandroIT
Copkill
No way, use Serv-U 5.0 !!!
streetsurfer
What's this Serv-U 3/4 exploit?
predx
I'm pretty sure you have to log in with an account before you can exploit it, so if the person can't log in they can't exploit it...
liquidSilver
QUOTE
No way, use Serv-U 5.0 !!!


QUOTE
Update To 5.0 


QUOTE
agree with AlessandroIT 


...Why did we need this comment? One is enough.. God..
oYost
The problem with 5.0 is that you need a different key for each PC of a LAN :/

Use io
beenal
QUOTE (oYost @ Feb 13 2004, 07:21 PM)
The problem with 5.0 is that you need a different key for each PC of a LAN :/

Use io

Can't agree to that.

Have Serv-U 5.0 running on several machines, and no probs with keys... It's just a matter of setting it up the right way.
oYost
Explain
studnikov
If you search for a key for 5.0, you will notice there is a Corp key now and 5.0 doesn't need to be registered ever again.
Qlimax
Everybody says this...
Use Serv-U 5.0, you can download it at: www.download.com
and if you need a key for that PM me, I send you.
rockerx
Serv-U 5.0 is exploitable as well!!!
As far as I know there is no exploit for Serv-U 2.5e

/* ex_servu.c - Serv-U FTPD 3.x/4.x/5.x "MDTM" Command remote overflow exploit
*
* Copyright © SST 2004 All rights reserved.
*
* private
*
* BUG find by bkbll (bkbll@cnhonker.com), cool! :ppPPppPPPpp
*
* code by Sam and 2004/01/07
* <chen_xiaobo@venustech.com.cn>
* <Sam@0x557.org>
*
*
* Revise History:
* 2004/01/14 add rebind shellcode :> we can bind shellport at ftpd port.
* 2004/01/09 connect back shellcode added
* 2004/01/08 21:04 upgrade now, we put shellcode in file parameter
* we can attack pacthed serv-U ;PPPp by airsupply
* 2004/01/08 change shellcode working on serv-u 4.0/4.1/4.2 now
* thx airsupply
*
Qlimax
mmm you can do "space" in the login
ex. da da:da da@123.123.123.123:122

good luck
[eXPhase
Version 5.0.0.4 is not exploitable anymore

So upgrade

And I've read something about a very long login message... maybe that works.

DaClueless
QUOTE (rockerx @ Mar 5 2004, 12:09 PM)
serv-u 5.0 is exploitable as well!!!
as far as i know there is no exploit for serv-u 2.5e


Here is exploit for serv-u 2.5e also, so only use: serv-u 5.0.0.4
pwnZ
disable mdtm command
TheAngel
You can set a very long welcome msg in Serv-U like that guy said,
then the exploit gets nowhere. Try to do the welcome msg with colors, it may help.
MpR
One way to block the exploit is don't give anyone an account .. fill everything yourself .. The newer Serv-U gets, the lamer it is to use. Seems to get more "anti abuse" features such as multiple instances of it running, key validation, mdgay hashes. Serv-U blows. Best way to avoid the exploit is not to use it, simplest as well.. Check out slimftpd, simplistic enough to use.
DaClueless
QUOTE (pwnZ @ Mar 7 2004, 12:36 AM)
disable mdtm command

When asked if you can disable the MDTM command to protect Serv-U, here is what the author says about it:

QUOTE
Rob, Serv-U coder
No, it would not. The part that causes the crash deals with parsing the
command. That's done before the check if MDTM should be allowed to change
the file's date/time.

        Rob
        -/-

        Serv-U Author & Manager
        Cat Soft, LLC


The only way to protect from the exploit is to upgrade to version 5.0.0.4

I hope that helps
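
The point in the quote above, that the command is parsed before the check on whether MDTM may change a file's date/time, as an added C sketch that is not part of the thread and is not Serv-U code. The names `parse_mdtm` and `handle_mdtm`, the buffer sizes, the argument layout and the reply codes chosen are assumptions for illustration; the parser checks every length before copying, so a disabled setting is no longer the only thing between an oversized argument and a fixed buffer.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TS_LEN   32    /* assumed cap for the timestamp token */
#define PATH_LEN 260   /* assumed cap for the file path */

struct mdtm_args { char ts[TS_LEN]; char path[PATH_LEN]; };

/* Hypothetical parser for "[YYYYMMDDhhmmss[zone] ]path".
 * Lengths are checked before every copy; returns 0 on success, -1 to reject. */
int parse_mdtm(const char *arg, struct mdtm_args *out)
{
    const char *path = arg;
    size_t digits = 0, tok, plen;

    memset(out, 0, sizeof *out);
    while (isdigit((unsigned char)arg[digits])) digits++;
    if (digits == 14) {
        tok = strcspn(arg, " ");          /* token may carry a zone suffix */
        if (arg[tok] == ' ') {
            if (tok >= TS_LEN) return -1; /* oversized token: reject, do not copy */
            memcpy(out->ts, arg, tok);
            path = arg + tok + 1;
        }
    }
    plen = strlen(path);
    if (plen == 0 || plen >= PATH_LEN) return -1;
    memcpy(out->path, path, plen);
    return 0;
}

/* Returns an FTP reply code. Parsing runs before the permission check, the
 * order described in the quote; the bounded parser makes that order harmless. */
int handle_mdtm(const char *arg, int set_time_allowed)
{
    struct mdtm_args a;

    if (parse_mdtm(arg, &a) != 0) return 501;             /* syntax error */
    if (a.ts[0] != '\0' && !set_time_allowed) return 550; /* setting time denied */
    return 213;                                           /* accepted */
}

int main(void)
{
    printf("%d\n", handle_mdtm("readme.txt", 0));
    printf("%d\n", handle_mdtm("20040101120000+0100 readme.txt", 0));
    return 0;
}
```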