Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

FileWrangler Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in FileWrangler versions up to and including 5.30. The flaw lies in the code that parses directory listings received from an FTP server: a malicious server can respond to a LIST command with an overly long folder name, which corrupts memory on the client while the listing is rendered. Exploitation requires only passive user interaction, since the bug is triggered by connecting to the FTP server and needs no further input from the user. Successful exploitation could allow arbitrary code execution.
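The root cause described above is the absence of a length check before a server-supplied entry name is copied into a fixed-size stack buffer. The C program below is an added example written for this page, not FileWrangler's code: it parses Unix-style LIST response lines and rejects any entry whose name exceeds an assumed limit (NAME_MAX_LEN, 255 bytes) instead of copying it. The function names, the limit, and the constructed listing containing a 4000-byte folder name are all assumptions; they show how a hardened parser contains the malicious response instead of overflowing.

```c
/* Added example (not FileWrangler's code): a bounded parser for FTP LIST
 * responses. The bounds check in parse_list_line() is the check whose absence
 * produces a stack-based overflow of the kind described in the advisory. */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define NAME_MAX_LEN 255   /* assumed maximum length of a directory entry name */

typedef struct {
    char name[NAME_MAX_LEN + 1];  /* fixed-size buffer, always NUL-terminated */
    bool is_dir;
} ListEntry;

static bool is_sep(char c) { return c == ' ' || c == '\t'; }

/* Parse one Unix-style LIST line, e.g.
 *   "drwxr-xr-x   2 ftp ftp 4096 Jan 01 12:00 public"
 * The name is everything after the eighth whitespace-separated field.
 * Returns 0 on success, -1 on malformed input, -2 if the name is too long. */
int parse_list_line(const char *line, size_t len, ListEntry *out)
{
    size_t i = 0;
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n')) len--;
    /* skip: perms, links, owner, group, size, month, day, time/year */
    for (int field = 0; field < 8; field++) {
        while (i < len && is_sep(line[i])) i++;
        if (i >= len) return -1;
        while (i < len && !is_sep(line[i])) i++;
    }
    while (i < len && is_sep(line[i])) i++;
    if (i >= len) return -1;
    size_t namelen = len - i;
    if (namelen > NAME_MAX_LEN) return -2;   /* reject instead of overflowing */
    memcpy(out->name, line + i, namelen);
    out->name[namelen] = '\0';
    out->is_dir = (line[0] == 'd');
    return 0;
}

/* Parse a whole LIST response. Returns the number of accepted entries and
 * reports lines that were rejected (malformed, oversized, or no room left). */
int parse_listing(const char *resp, ListEntry *entries, int max_entries, int *rejected)
{
    int count = 0;
    *rejected = 0;
    const char *p = resp;
    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t linelen = nl ? (size_t)(nl - p + 1) : strlen(p);
        bool blank = (linelen <= 2 && (p[0] == '\r' || p[0] == '\n'));
        if (!blank) {
            if (count < max_entries && parse_list_line(p, linelen, &entries[count]) == 0)
                count++;
            else
                (*rejected)++;
        }
        p += linelen;
    }
    return count;
}

/* Build a constructed hostile response: one normal entry followed by an entry
 * whose name is name_len bytes of 'A', as a malicious server might send it. */
size_t build_hostile_response(char *buf, size_t bufsize, size_t name_len)
{
    size_t n = 0;
    n += (size_t)snprintf(buf + n, bufsize - n, "drwxr-xr-x   2 ftp ftp 4096 Jan 01 12:00 pub\r\n");
    n += (size_t)snprintf(buf + n, bufsize - n, "drwxr-xr-x   2 ftp ftp 4096 Jan 01 12:00 ");
    for (size_t k = 0; k < name_len && n + 3 < bufsize; k++) buf[n++] = 'A';
    buf[n++] = '\r'; buf[n++] = '\n'; buf[n] = '\0';
    return n;
}

/* Returns 1 when the hostile listing yields exactly one accepted and one
 * rejected entry, i.e. the oversized name was contained. */
int hostile_listing_is_contained(void)
{
    static char hostile[8192];
    ListEntry entries[64];
    int rejected = 0;
    build_hostile_response(hostile, sizeof hostile, 4000);
    int accepted = parse_listing(hostile, entries, 64, &rejected);
    return accepted == 1 && rejected == 1 && strcmp(entries[0].name, "pub") == 0;
}

/* Returns 1 when a benign name containing a space is parsed intact. */
int benign_name_parsed(void)
{
    const char *line = "drwxr-xr-x 2 ftp ftp 4096 Jan 01 12:00 public html\r\n";
    ListEntry e;
    return parse_list_line(line, strlen(line), &e) == 0
        && strcmp(e.name, "public html") == 0 && e.is_dir;
}

int main(void)
{
    printf("hostile listing contained: %d\n", hostile_listing_is_contained());
    printf("benign name parsed: %d\n", benign_name_parsed());
    return 0;
}
```

The parser copies a name only after comparing its length against the buffer it will land in; the oversized entry is dropped and counted, so a client can log the rejection as a signal that the server is misbehaving rather than crash.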

Impact

Exploitation of this vulnerability can lead to arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced with the FTP client fuzzer that ships with the Metasploit Framework. The fuzzer can be configured to answer FTP LIST commands with overly long directory names, simulating a malicious FTP server. When the FileWrangler client connects to this server and receives the crafted directory listing, the buffer overflow is triggered, potentially allowing code execution.

Added: Aug 20, 2025, 4:39 PM
Updated: Aug 20, 2025, 4:39 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.1
remediation: 0.0
relevance: 0.4
threat: 8.2
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.