PCMan FTP Server Buffer Overflow Vulnerability in DIR Command Handler

A critical buffer overflow vulnerability has been identified in PCMan FTP Server version 2.0.7. The issue arises in the DIR command handler, where an unknown function improperly manages input buffer sizes, allowing for remote exploitation. This vulnerability has been publicly disclosed and is available as a proof-of-concept exploit.

Impact

Exploitation of this vulnerability can lead to a buffer overflow, allowing for arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by sending an excessive amount of data through the 'DIR' command. This causes the application to crash, indicating a buffer overflow condition. After identifying the offset needed to exploit the vulnerability, the exploit can be executed by connecting to the FTP server and sending the crafted payload via the 'DIR' command.