FreeFloat FTP Server
cpe:2.3:a:freefloat:freefloat_ftp_server:*:*:*:*:*:*:*
- 1.0.0
A stack-based buffer overflow vulnerability has been identified in Freefloat FTP Server version 1.0.0. The issue arises because the server does not properly validate input received through the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. This vulnerability is triggered by sending an excessively long username, which overflows the buffer allocated for user authentication.
Successful exploitation of this stack-based buffer overflow allows arbitrary code execution on the affected system.
The vulnerability can be reproduced by sending a USER command with an overly long username parameter to the FTP server. This can be done using a network socket connection to the server's FTP port (21). The Metasploit Framework includes a module that automates this exploitation.
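From the defender's side, the trigger described above (an oversized USER argument on the FTP control channel) can be flagged by a proxy or sensor before the server parses it. The following is an added example, not code from this advisory or from the Freefloat project; the class name `FtpUserInspector`, the helper `run_constructed_sample`, and both length limits are assumptions for illustration, since the page does not state the size of the overflowed buffer.

```python
# Added example: the limits below are assumed policy values, not taken from the advisory.
MAX_USER_LEN = 64    # assumed policy limit, not the server's buffer size
MAX_LINE_LEN = 512   # assumed cap on one control-channel line


class FtpUserInspector:
    """Inspects client-to-server bytes of one FTP control connection."""

    def __init__(self, max_user=MAX_USER_LEN, max_line=MAX_LINE_LEN):
        self.max_user, self.max_line = max_user, max_line
        self.buf = b""
        self.skipping = False  # True while discarding the tail of an oversized line

    def feed(self, segment: bytes) -> list:
        """Consume one TCP segment and return alert strings (empty list if clean)."""
        alerts = []
        self.buf += segment
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            if self.skipping:          # remainder of a line already reported
                self.skipping = False
                continue
            alerts += self._check(line.rstrip(b"\r"), terminated=True)
        if not self.skipping and len(self.buf) > self.max_line:
            # The long command may never be terminated, so judge it now.
            alerts += self._check(self.buf, terminated=False)
            self.skipping = True
        if self.skipping:
            self.buf = b""             # bound memory use per connection
        return alerts

    def _check(self, line: bytes, terminated: bool) -> list:
        verb, _, arg = line.partition(b" ")
        found = []
        if verb.upper() == b"USER" and len(arg) > self.max_user:
            found.append(f"USER argument {len(arg)} bytes > {self.max_user}")
        if len(line) > self.max_line:
            state = "terminated" if terminated else "unterminated"
            found.append(f"{state} line {len(line)} bytes > {self.max_line}")
        return found


def run_constructed_sample() -> list:
    """Constructed traffic: a normal login, a split long USER, an unterminated flood."""
    insp = FtpUserInspector()
    segments = [b"USER alice\r\nPASS x\r\n", b"user " + b"A" * 40, b"A" * 60 + b"\r\n",
                b"USER " + b"B" * 600, b"B" * 100 + b"\r\nQUIT\r\n"]
    return [insp.feed(s) for s in segments]
```

The inspector reassembles commands split across TCP segments and matches the verb case-insensitively, so a long username is reported even when it arrives in pieces or is never terminated with CRLF.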