Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
FTPPad Stack-Based Buffer Overflow Vulnerability
Vulnerability
A stack-based buffer overflow vulnerability has been identified in FTPPad versions through 1.2.0. The flaw is in the FTP directory listing parser, which does not validate the length of directory and filename data received in response to a LIST command. A remote attacker can craft a response containing an excessively long filename and overflow the parser's stack buffer. The overflow overwrites the saved return address (saved EIP), allowing execution of arbitrary code.
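The length check such a parser needs, as an added example that is not FTPPad's code: the function name `parse_list_name`, the return codes and the Unix-style LIST line layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { LIST_OK = 0, LIST_MALFORMED = -1, LIST_TOO_LONG = -2 };

/*
 * Copy the name (last field) of one Unix-style LIST line into out.
 * Assumed layout: eight space-separated metadata fields, then the name.
 * The unchecked pattern this replaces is a strcpy()/sprintf() of the name
 * field into a fixed-size stack buffer.
 */
int parse_list_name(const char *line, size_t len, char *out, size_t out_size)
{
    size_t i = 0, name_len;
    int field;

    if (line == NULL || out == NULL || out_size == 0)
        return LIST_MALFORMED;
    out[0] = '\0';

    /* Drop the CR/LF that terminates each listing line. */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;

    /* Skip the eight metadata fields that precede the name. */
    for (field = 0; field < 8; field++) {
        while (i < len && line[i] == ' ') i++;
        if (i == len) return LIST_MALFORMED;
        while (i < len && line[i] != ' ') i++;
    }
    while (i < len && line[i] == ' ') i++;
    if (i == len) return LIST_MALFORMED;

    /* Reject before copying: the name plus its NUL must fit in out. */
    name_len = len - i;
    if (name_len >= out_size) return LIST_TOO_LONG;
    if (memchr(line + i, '\0', name_len)) return LIST_MALFORMED;
    memcpy(out, line + i, name_len);
    out[name_len] = '\0';
    return LIST_OK;
}

int main(void)
{
    /* Constructed sample line, not captured traffic. */
    const char *l = "-rw-r--r-- 1 user group 1024 Jan 01 12:00 notes.txt\r\n";
    char name[256];
    int rc = parse_list_name(l, strlen(l), name, sizeof name);
    printf("rc=%d name=%s\n", rc, name);
    return 0;
}
```

An oversized name is rejected as a whole rather than truncated, so the caller can log the event and drop the listing.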
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged to execute arbitrary code on the affected system.
Reproduction
The vulnerability can be reproduced by using a custom-built FTP client fuzzer, which is available as a Metasploit module. This fuzzer sends overly long directory listings to the FTPPad client, triggering the buffer overflow. The Metasploit module handles the exploitation by establishing a data connection and sending a crafted directory listing that includes the payload, which is then executed by the application.
