Free Float FTP Buffer Overflow Vulnerability in STOR Command Allowing Remote Code Execution

A buffer overflow vulnerability has been identified in Free Float FTP Server version 1.0. The issue arises in the STOR command handler, where remote attackers can execute arbitrary code by sending a crafted STOR request with an oversized payload. The vulnerability allows authenticated users, using anonymous credentials, to exploit the FTP server by including 247 bytes of padding followed by a return address and shellcode in the STOR command. This exploitation leads to unauthorized code execution on the server.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the FTP server.

Reproduction

The vulnerability can be reproduced by sending a STOR command with a payload that includes 247 bytes of padding, followed by a return address and shellcode. This can be done using a Python script that connects to the FTP server, logs in with anonymous credentials, and sends the crafted STOR command. The shellcode can be generated using MSFVenom, targeting a reverse TCP payload.