Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Xftp FTP Client Stack-Based Buffer Overflow Vulnerability via PWD Response

Vulnerability

A stack-based buffer overflow vulnerability has been identified in Xftp FTP Client versions through 3.0 (build 0238). This vulnerability is triggered by a maliciously crafted PWD response from an FTP server. When the client receives an excessively long directory string in response to the PWD command, it fails to properly validate the input length before copying it into a fixed-size buffer. This oversight leads to memory corruption, allowing remote attackers to execute arbitrary code on the client system.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected client system.

Reproduction

The vulnerability can be reproduced by sending an overly long PWD response to the Xftp FTP client, that is, by connecting the client to an FTP server that answers the PWD command with a directory string longer than the fixed-size buffer Xftp copies it into. The buffer overflow occurs when the client processes this long response, leading to memory corruption and the potential execution of arbitrary code.
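The defect described in the Vulnerability and Reproduction sections is an unchecked copy of a server-controlled PWD path into a fixed-size stack buffer. The following is an added example, not Xftp's code, of how a client should parse an RFC 959 `257 "<path>"` reply with a length check; `MAX_PATH_LEN`, the function names and the sample replies are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed client-side path limit; the page does not state Xftp's real buffer size. */
#define MAX_PATH_LEN 260

/* Bounded parser for an RFC 959 PWD reply: 257 "<path>" is current directory.
 * Every byte is checked against outsz, so an oversized or malformed reply is
 * rejected instead of overflowing. Embedded quotes arrive doubled ("") and are un-doubled. */
bool parse_pwd_reply(const char *reply, char *out, size_t outsz)
{
    if (outsz == 0 || strncmp(reply, "257 ", 4) != 0) return false;
    const char *p = strchr(reply + 4, '"');
    if (p == NULL) return false;
    p++;
    size_t n = 0;
    for (;;) {
        char c = *p++;
        if (c == '\0') return false;            /* unterminated path */
        if (c == '"') {
            if (*p != '"') break;               /* closing quote */
            p++;                                /* "" -> literal quote */
        }
        if (n + 1 >= outsz) return false;       /* would not fit: reject, do not truncate silently */
        out[n++] = c;
    }
    out[n] = '\0';
    return true;
}

/* Client-side handling with a fixed stack buffer: returns the path length,
 * or -1 if the reply was rejected (the vulnerable pattern would strcpy here). */
int handle_pwd_reply(const char *reply)
{
    char cwd[MAX_PATH_LEN];
    return parse_pwd_reply(reply, cwd, sizeof cwd) ? (int)strlen(cwd) : -1;
}

/* Constructed sample: a reply whose path is pathlen 'A' characters long. */
int demo_pwd_reply(size_t pathlen)
{
    char reply[2048];
    if (pathlen > sizeof reply - 64) return -2;
    size_t n = (size_t)snprintf(reply, sizeof reply, "257 \"");
    memset(reply + n, 'A', pathlen); n += pathlen;
    snprintf(reply + n, sizeof reply - n, "\" is current directory.");
    return handle_pwd_reply(reply);
}
```

A path of 100 characters is accepted while one of 1000 characters is rejected before a single byte is written past the buffer, which is the check the advisory says is missing.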

Added: Aug 21, 2025, 9:20 PM
Updated: Aug 21, 2025, 9:20 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 10.0
exploitability: 6.4
remediation: 0.0
relevance: 0.4
threat: 9.2
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.