FreeFloat FTP Server Buffer Overflow Vulnerability in CD Command Handler

A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. The issue arises in the CD Command Handler component, where the application improperly handles input buffer sizes, allowing for remote exploitation. This vulnerability has been publicly disclosed, and an exploit is available.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or causing the application to crash.

Reproduction

The vulnerability can be reproduced by sending an excessive amount of data through the 'CD' command. This overloads the application's buffer, causing it to crash and indicating a successful buffer overflow condition. The offset for the overflow can be determined using tools like 'msf-pattern_create' and 'msf-pattern_offset'. After identifying the offset, the exploit can be crafted by finding a 'JMP ESP' address using 'mona', removing bad characters, and appending a payload generated with 'msfvenom'.