FreeFloat FTP Server
cpe:2.3:a:freefloat:freefloat_ftp_server:*:*:*:*:*:*:*
- 1.0
A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. The issue arises in the DEBUG Command Handler component, where the application improperly validates the size of input buffers, allowing for remote exploitation. This vulnerability has been publicly disclosed and is known to impact the application's confidentiality, integrity, and availability.
Exploitation of this vulnerability leads to a buffer overflow, allowing for arbitrary code execution. The publicly available exploit demonstrates this by creating a reverse shell payload.
The vulnerability can be reproduced by sending an excessive amount of data through the 'DEBUG' command. This overload causes the application to crash, indicating a buffer overflow condition. After the offset needed to exploit the vulnerability has been identified, a reverse shell payload can be crafted and sent to the server using the 'DEBUG' command.
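A defender-side check for the condition described above, as an added example that is not part of the original advisory: it reassembles one client's FTP control channel and flags 'DEBUG' commands whose argument is oversized or contains non-printable bytes. The class name, both thresholds and the sample traffic are assumptions; the page does not state the overflow offset, so tune the limits to your environment.

```python
MAX_ARG_LEN = 128    # assumed threshold: the page does not give the overflow offset
MAX_PENDING = 1024   # assumed cap on bytes buffered without a line terminator

class DebugCommandMonitor:
    """Tracks one client's FTP control channel and flags suspicious DEBUG use."""

    def __init__(self):
        self.pending = b""
        self.skipping = False  # True while discarding the tail of an oversized line

    def feed(self, segment: bytes) -> list:
        """Consume one TCP segment and return the alerts it raised."""
        alerts = []
        self.pending += segment
        while b"\n" in self.pending:
            line, self.pending = self.pending.split(b"\n", 1)
            if self.skipping:              # remainder of a line already reported
                self.skipping = False
                continue
            alerts += self._inspect(line.rstrip(b"\r"))
        # Oversized input may never be terminated, so do not wait for CRLF.
        if len(self.pending) > MAX_PENDING:
            if not self.skipping:
                alerts += self._inspect(self.pending) or [
                    "unterminated line over %d bytes" % MAX_PENDING]
            self.pending, self.skipping = b"", True
        return alerts

    def _inspect(self, line: bytes) -> list:
        parts = line.split(None, 1)        # verb, then optional argument
        if not parts or parts[0].upper() != b"DEBUG":
            return []
        arg = parts[1] if len(parts) > 1 else b""
        alerts = []
        if len(arg) > MAX_ARG_LEN:
            alerts.append("DEBUG argument of %d bytes exceeds %d" % (len(arg), MAX_ARG_LEN))
        if any(b < 0x20 or b > 0x7E for b in arg):
            alerts.append("DEBUG argument contains non-printable bytes")
        return alerts

# Constructed sample traffic (not captured from a real server).
SAMPLE_SEGMENTS = [
    b"USER anonymous\r\nPASS guest@example.invalid\r\n",
    b"DEBUG on\r\n",
    b"deb", b"ug " + b"A" * 300,           # verb split across segments, no CRLF yet
    b"A" * 200 + b"\r\nQUIT\r\n",
]

def scan(segments):
    monitor = DebugCommandMonitor()
    return [alert for seg in segments for alert in monitor.feed(seg)]
```

Calling `scan(SAMPLE_SEGMENTS)` reports the one oversized 'DEBUG' line even though it arrives split across three segments.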