FreeFloat FTP Server Buffer Overflow Vulnerability in VERBOSE Command Handler

A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. The issue arises in the VERBOSE command handler, where an unknown functionality can be manipulated to cause a buffer overflow. This vulnerability can be exploited remotely, and the public disclosure of the exploit indicates that it may be actively used.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or causing a crash of the application.

Reproduction

The vulnerability can be reproduced by sending a crafted payload through the VERBOSE command. The payload must be designed to overflow the buffer, which can be achieved by including a specific number of bytes to overwrite the return address and inject malicious code. This can be done using a simple FTP client that allows sending custom commands or by using a script that automates the process.