Easy File Sharing HTTP Server
cpe:2.3:a:sharing-file:easy_file_sharing_web_server:*:*:*:*:*:*:*
- 7.2
A stack-based buffer overflow vulnerability has been identified in Easy File Sharing HTTP Server version 7.2. This vulnerability arises when a crafted POST request is sent to the '/sendemail.ghp' endpoint, containing an excessively long Email parameter. The application does not properly validate the length of this field, leading to memory corruption. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the server process.
Exploitation of this vulnerability allows for arbitrary code execution with the privileges of the server process.
The vulnerability can be reproduced by sending a POST request to the '/sendemail.ghp' endpoint with an overly long Email parameter. This can be done using a tool like Metasploit, which has a module available for this specific vulnerability. The module exploits the buffer overflow by injecting a payload after the overflowed buffer, effectively executing arbitrary code.
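An added defensive example, not part of the original advisory or the vendor's code: a Python check that a proxy or log-review script could use to flag the request shape described above (a POST to '/sendemail.ghp' with an oversized Email parameter). The 254-byte limit, the case-insensitive matching, the `Note` field and the sample requests are assumptions constructed for illustration; the advisory does not state the buffer size.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/sendemail.ghp"  # endpoint named in the advisory
MAX_EMAIL_LEN = 254             # assumption: generous address limit, not the real buffer size


def inspect_request(raw: bytes, max_len: int = MAX_EMAIL_LEN) -> list:
    """Return findings for one raw HTTP request; an empty list means no match."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    method, target, _version = parts
    # Decode %-escapes and fold case so trivially re-encoded paths still match
    # (case folding is a conservative assumption, not stated in the advisory).
    path = unquote(urlsplit(target).path).lower()
    if method.upper() != "POST" or path != TARGET_PATH:
        return []
    findings = []
    # latin-1 maps one byte to one character, so len() below counts bytes
    # after URL decoding (assumed to be what the server-side handler sees).
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                       encoding="latin-1")
    for name, value in fields:
        if name.lower() != "email":
            continue
        if len(value) > max_len:
            findings.append(f"Email field is {len(value)} bytes (limit {max_len})")
        if any(not 0x20 <= ord(ch) <= 0x7E for ch in value):
            findings.append("Email field contains non-printable bytes")
    return findings


def build_request(email: str, path: str = TARGET_PATH, method: str = "POST") -> bytes:
    """Constructed sample request; the Note field is hypothetical."""
    body = f"Email={email}&Note=hi".encode("latin-1")
    head = (f"{method} {path} HTTP/1.1\r\nHost: fileserver.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("latin-1") + body


if __name__ == "__main__":
    for label, email in [("normal", "user@example.com"), ("oversized", "x" * 4000)]:
        print(label, inspect_request(build_request(email)))
```

The same length check belongs in the application itself; applied at a proxy it only reduces exposure until the server is patched or retired.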