PCMan FTP Server Buffer Overflow Vulnerability in MDTM Command Handler

A critical buffer overflow vulnerability has been identified in PCMan FTP Server version 2.0.7. This issue arises in the MDTM Command Handler, where the application improperly processes input, allowing for a buffer overflow. The vulnerability can be exploited remotely, without requiring authentication. Successful exploitation could lead to arbitrary code execution, allowing an attacker to gain a remote shell on the affected system.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can be leveraged to execute arbitrary code on the affected system. In this case, the exploitation allows for a remote shell to be obtained.

Reproduction

The vulnerability can be reproduced by sending an excessive amount of data through the 'MDTM' command. This overloads the application's input buffer, causing it to overflow and crash, which indicates the presence of the vulnerability. After confirming the buffer overflow, the exploit can be executed by overwriting the return address with a location that points to the injected shellcode, effectively hijacking the application's control flow.