PCMan FTP Server Buffer Overflow Vulnerability in SMNT Command Handler

Vulnerability

A critical stack-based buffer overflow has been identified in PCMan FTP Server version 2.0.7. The handler for the SMNT command does not bound the length of the command argument, so an overlong argument sent by a remote client overflows a stack buffer and overwrites the saved return address. The vulnerability has been publicly disclosed together with a proof-of-concept exploit that triggers the overflow and obtains a reverse shell on the affected system.

Impact

A remote attacker who can send FTP commands to the server can trigger the overflow and execute arbitrary code with the privileges of the PCMan FTP Server process, which can lead to full compromise of the host. The published proof of concept demonstrates this by returning a reverse shell.

Reproduction

The vulnerability can be reproduced by sending the 'SMNT' command with an argument of a few thousand bytes. The server crashes, and a debugger attached to the process shows EIP overwritten with bytes from the argument, which confirms that the saved return address is reachable. The exact offset is then found by sending a non-repeating cyclic pattern generated with 'msf-pattern_create' as the argument and feeding the value left in EIP to 'msf-pattern_offset'.

Once the offset is known, the exploit buffer is built from that many bytes of padding, the address of a 'JMP ESP' instruction (written little-endian) to redirect execution into the attacker-controlled data that follows the return address, an optional NOP sled, and shellcode generated with 'msfvenom'. Two checks matter before sending it: the 'JMP ESP' address should come from a module that is not rebased or protected by ASLR so that it is stable across restarts, and both the address and the shellcode must avoid the bytes the FTP command parser treats specially (at least 0x00, 0x0a and 0x0d, which end the string or the command line; pass the full bad-character list to 'msfvenom -b'). The crafted buffer is then sent as the argument of 'SMNT'; the overflow diverts execution into the shellcode, which connects back to the listener and establishes the reverse shell.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 10.0
exploitability: 9.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.