FreeFloat FTP Server Buffer Overflow Vulnerability in PROMPT Command Handler

Vulnerability

A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. The issue arises in the PROMPT Command Handler, where an unknown function improperly handles input, allowing for a buffer overflow. This vulnerability can be exploited remotely, without authentication, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability allows an attacker to obtain a remote shell on the affected system.

Reproduction

The vulnerability can be reproduced by sending an excessive amount of data through the 'PROMPT' command. This causes the application to crash, indicating a buffer overflow condition. The offset for the buffer overflow can be determined using tools like 'msf-pattern_create' and 'msf-pattern_offset'. After identifying the offset, the stack can be manipulated by finding a 'JMP ESP' address using 'mona'. The exploit can be crafted by removing bad characters, adding a payload, and sending the crafted data through the 'PROMPT' command.
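
For detection, the condition described above (an oversized 'PROMPT' argument, possibly before login) can be flagged on the FTP control channel. The following Python sketch is an added example, not part of the original advisory or of any vendor tooling; the 256-byte threshold, the function names and the sample segments are assumptions constructed for illustration.

```python
MAX_ARG_LEN = 256  # assumed threshold, not from the advisory; tune per environment


def _inspect(line, authenticated, max_arg_len):
    """Return an alert dict for an oversized PROMPT line, else None."""
    verb, _, arg = line.partition(b" ")
    if verb.upper() != b"PROMPT" or len(arg) <= max_arg_len:
        return None
    return {
        "command": "PROMPT",
        "arg_len": len(arg),
        "pre_auth": not authenticated,
        "non_printable": any(b < 0x20 or b > 0x7E for b in arg),
    }


def scan_ftp_control(segments, max_arg_len=MAX_ARG_LEN):
    """segments: (direction, bytes) pairs for one control connection,
    'C' = client to server, 'S' = server to client, in capture order."""
    alerts, buf, authenticated = [], b"", False
    for direction, data in segments:
        if direction == "S":
            # Reply code 230 means "User logged in" (RFC 959).
            if any(l.startswith(b"230") for l in data.splitlines()):
                authenticated = True
            continue
        buf += data  # a long command may span several TCP segments
        while b"\n" in buf:
            line, buf = buf.split(b"\n", 1)
            alert = _inspect(line.rstrip(b"\r"), authenticated, max_arg_len)
            if alert:
                alerts.append(alert)
    # Bytes left without a line terminator are still inspected.
    alert = _inspect(buf, authenticated, max_arg_len)
    if alert:
        alerts.append(alert)
    return alerts


# Constructed sample: one oversized PROMPT split across two segments, no login.
SAMPLE_SEGMENTS = [
    ("S", b"220 FTP ready\r\n"),
    ("C", b"PROMPT " + b"A" * 300),
    ("C", b"A" * 700 + b"\r\n"),
]

if __name__ == "__main__":
    for a in scan_ftp_control(SAMPLE_SEGMENTS):
        print(a)
```

The `pre_auth` field separates hits that arrive before a 230 reply, which matches the unauthenticated condition the advisory describes.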

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 10.0
exploitability: 9.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.