FreeFloat FTP Server
cpe:2.3:a:freefloat:freefloat_ftp_server:*:*:*:*:*:*:*
- 1.0
A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. The issue lies in the DELETE command handler: the server does not properly validate the size of its input, so an oversized command overwrites memory adjacent to the buffer. The vulnerability can be exploited remotely without authentication, potentially leading to arbitrary code execution.
According to the exploit author, the buffer overflow can be leveraged to execute arbitrary code on the affected system.
The vulnerability can be reproduced by sending a crafted DELETE command that carries more data than the buffer can hold, over a network socket connection to the FTP server's command port (21). The exploit as described first finds the offset at which the return address is overwritten, then overwrites it with the address of a JMP ESP instruction so that execution is directed to the payload, which in this case is a reverse shell.
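The missing check, as an added example that is not FreeFloat's code (the server's source is not on this page): a hypothetical handler that refuses the command before login and rejects an over-long argument instead of copying it. The names `handle_delete`, `struct session` and the 260-byte `PATH_BUF` are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF 260  /* assumed size; the advisory does not give the real one */

struct session { int authenticated; };

/* Vulnerable shape, for contrast only (never compiled here):
 *     char path[PATH_BUF];
 *     strcpy(path, arg);        // length of arg is never checked
 */

/* Returns the FTP reply code chosen for one "DELETE <arg>" command line. */
int handle_delete(const struct session *s, const char *line, char *path_out)
{
    static const char verb[] = "DELETE ";
    size_t vlen = sizeof verb - 1;

    path_out[0] = '\0';
    if (strncmp(line, verb, vlen) != 0)
        return 500;                      /* not this command */
    if (!s->authenticated)
        return 530;                      /* refuse before touching the argument */

    const char *arg = line + vlen;
    size_t alen = strcspn(arg, "\r\n");  /* argument ends at CR/LF */
    if (alen == 0 || alen >= PATH_BUF)
        return 501;                      /* missing or too long: reject, never truncate */

    memcpy(path_out, arg, alen);         /* alen < PATH_BUF, so this fits */
    path_out[alen] = '\0';
    return 250;
}

int main(void)
{
    struct session anon = {0}, user = {1};
    char path[PATH_BUF];
    char big[1024];                      /* constructed over-long input */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, "DELETE ", 7);

    printf("%d\n", handle_delete(&user, "DELETE notes.txt\r\n", path));
    printf("%d\n", handle_delete(&user, big, path));
    printf("%d\n", handle_delete(&anon, "DELETE notes.txt\r\n", path));
    return 0;
}
```

Rejecting with 501 rather than truncating keeps an over-long name from silently resolving to a different file.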