FreeFloat FTP Server Buffer Overflow Vulnerability in MLS Command Handler

A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. This issue arises in the MLS Command Handler, where the application improperly handles input buffer sizes, allowing for remote exploitation. The vulnerability has been publicly disclosed and is known to be easily exploitable, with no authentication required.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution, allowing an attacker to gain a remote shell on the affected system.

Reproduction

The vulnerability can be reproduced by sending an excessive amount of data through the 'MLS' command. This overload causes the application to crash, demonstrating the buffer overflow condition. After identifying the offset needed to exploit the vulnerability, the payload can be crafted to include a reverse shell payload, which is then sent to the server using the vulnerable 'MLS' command.