Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Gekko Manager FTP Client Stack-Based Buffer Overflow Vulnerability
Vulnerability
A stack-based buffer overflow vulnerability has been identified in Gekko Manager FTP Client versions through 0.77. The issue lies in the FTP directory listing parser: the client does not validate the length of filenames in the server's response to the LIST command. A crafted server response containing an excessively long filename can therefore overwrite the Structured Exception Handler (SEH), potentially leading to remote code execution.
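An added example, not Gekko Manager's code and not part of the original advisory: a LIST-line filename extractor in C that measures the name before copying it into a fixed-size buffer, which is the length check described above as missing. The Unix-style line layout, the 255-byte limit and every identifier here are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 255   /* assumed upper bound for this example */

enum { LIST_OK = 0, LIST_MALFORMED = -1, LIST_NAME_TOO_LONG = -2 };

/* Skip one whitespace-delimited field and the blanks that follow it. */
static const char *skip_field(const char *p)
{
    while (*p && *p != ' ' && *p != '\t') p++;
    while (*p == ' ' || *p == '\t') p++;
    return p;
}

/*
 * Extract the file name from one Unix-style LIST line (assumed layout:
 * "perms links owner group size month day time name").
 * The unsafe pattern is an unbounded copy of the name into a fixed stack
 * array; here the length is measured first and an over-long entry is
 * rejected instead of being copied or silently truncated.
 */
int parse_list_name(const char *line, char *out, size_t out_sz)
{
    const char *p = line;
    size_t len;

    if (line == NULL || out == NULL || out_sz == 0)
        return LIST_MALFORMED;
    out[0] = '\0';                          /* never leave stale data behind */

    while (*p == ' ' || *p == '\t') p++;
    for (int i = 0; i < 8; i++) {           /* eight fields precede the name */
        if (*p == '\0') return LIST_MALFORMED;
        p = skip_field(p);
    }
    len = strcspn(p, "\r\n");               /* name runs to the end of the line */
    if (len == 0)
        return LIST_MALFORMED;
    if (len > NAME_MAX_LEN || len >= out_sz)
        return LIST_NAME_TOO_LONG;          /* server-supplied length is untrusted */

    memcpy(out, p, len);
    out[len] = '\0';
    return LIST_OK;
}
```

A caller should treat `LIST_NAME_TOO_LONG` as a reason to drop the entry or abort the listing, and log it, since a legitimate server has no reason to send such a name.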
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, allowing for memory corruption and potentially arbitrary code execution.
Reproduction
The vulnerability can be reproduced with a custom-built FTP client fuzzer, which is available as a Metasploit module. The fuzzer sends overly long responses to the client's FTP commands, which the Gekko Manager FTP client does not properly sanitize. The Metasploit module 'exploit/windows/ftp/gekkomgr_list_reply' automates this process by establishing a data connection and sending a directory listing that includes the crafted payload, overwriting the SEH with a return address that can be controlled.
