PCMan FTP Server PASV Command Buffer Overflow Vulnerability

A critical buffer overflow vulnerability has been identified in PCMan FTP Server version 2.0.7, specifically within the PASV Command Handler. This vulnerability allows for remote exploitation, where an attacker can manipulate input to cause a buffer overflow, potentially leading to arbitrary code execution or causing the application to crash.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to arbitrary code execution on the server where PCMan FTP Server is running.

Reproduction

The vulnerability can be reproduced by sending a PASV command with a crafted payload that exploits the buffer overflow. This can be done using a FTP client or a custom script that connects to the FTP server and sends the malicious PASV command. The payload should be designed to overwrite the return address and execute arbitrary code, such as a reverse shell.