Serv-U is a "powerful, easy-to-use, award-winning FTP server" created by Rob Beckers. A vulnerability in the product allows a remote user to cause the server to fail by sending a malformed LIST command to the server.
SecurITeam would like to thank STORM for finding this vulnerability.
Vulnerable systems:
* Serv-U version 126.96.36.199 and prior

Immune systems:
* Serv-U 188.8.131.52 and newer
A user who issues a LIST command with a long parameter (around 134 bytes), passed using the -l: parameter of that command, can cause the server to try to read a value that lies outside Serv-U's memory. This triggers an unhandled exception, which in turn causes the program to crash.
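
One way to spot this condition in FTP control-channel traffic, as an added example that is not part of the original advisory or of Serv-U. The 128-byte threshold, the `(client, raw command)` input shape and the sample addresses are assumptions.

```python
from typing import Iterable, List, NamedTuple, Optional, Tuple

# Assumption: alert slightly below the ~134-byte length given in the advisory,
# since ordinary LIST arguments (paths, short switches) are far shorter.
MAX_LIST_ARG_BYTES = 128


class Finding(NamedTuple):
    client: str
    arg_len: int          # argument length in bytes, CRLF excluded
    uses_l_option: bool   # argument starts with the -l: form named in the advisory


def inspect_command(client: str, raw: bytes,
                    limit: int = MAX_LIST_ARG_BYTES) -> Optional[Finding]:
    """Return a Finding if raw is a LIST command whose argument is >= limit bytes."""
    line = raw.rstrip(b"\r\n")
    verb, _, arg = line.partition(b" ")
    if verb.upper() != b"LIST":        # FTP verbs are case-insensitive
        return None
    arg = arg.strip()
    if len(arg) < limit:
        return None
    return Finding(client, len(arg), arg.lower().startswith(b"-l:"))


def scan(commands: Iterable[Tuple[str, bytes]],
         limit: int = MAX_LIST_ARG_BYTES) -> List[Finding]:
    """Check every (client, raw command line) pair and collect the findings."""
    findings = []
    for client, raw in commands:
        finding = inspect_command(client, raw, limit)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample of control-channel lines (documentation address ranges).
SAMPLE = [
    ("192.0.2.10", b"USER anonymous\r\n"),
    ("192.0.2.10", b"LIST -l\r\n"),
    ("192.0.2.10", b"list /pub/releases\r\n"),
    ("198.51.100.7", b"LIST -l:" + b"x" * 140 + b"\r\n"),
    ("198.51.100.7", b"RETR " + b"y" * 200 + b"\r\n"),   # long, but not LIST
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The same length check can run in an FTP-aware proxy in front of a server that cannot be upgraded, rejecting the command instead of only reporting it.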