FreeFloat FTP Server
cpe:2.3:a:freefloat:freefloat_ftp_server:*:*:*:*:*:*:*
- 1.0
A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. The flaw is in the TYPE command handler; the affected functionality is not further specified, and it can potentially be exploited remotely.
Exploitation of this vulnerability leads to a buffer overflow, which commonly results in arbitrary code execution or a crash.
The vulnerability can be reproduced by sending a crafted payload in the TYPE command over FTP. The payload must be designed to overflow the buffer; this can be done with a Perl script that connects to the FTP server, logs in with anonymous credentials, and sends the exploit payload as part of the TYPE command. The payload should include a reverse shell generated by msfvenom, after bypassing certain bad characters.
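For detection, the TYPE argument has a very small legal grammar in RFC 959 (`A` or `E` with an optional `N`/`T`/`C` format, `I`, or `L <byte size>`), so anything else on the control channel stands out. The following is an added example, not code from this entry or from the vendor; the 512-byte `MAX_LINE` ceiling and the sample session are constructed assumptions, since the entry does not state the buffer size.

```python
import re

# RFC 959 TYPE arguments: A or E with optional format N/T/C, I, or L <byte size>.
VALID_TYPE_ARG = re.compile(rb"(?:[AE](?: [NTC])?|I|L \d{1,3})", re.IGNORECASE)
MAX_LINE = 512  # assumed ceiling for one control-channel line; tune per site


def inspect_type_commands(stream: bytes):
    """Return one finding per anomalous TYPE command in a reassembled
    client-to-server FTP control stream."""
    findings = []
    for raw in stream.split(b"\n"):
        line = raw.rstrip(b"\r")
        verb, _, arg = line.partition(b" ")
        if verb.upper() != b"TYPE":
            continue
        reasons = []
        if not VALID_TYPE_ARG.fullmatch(arg.strip()):
            reasons.append("argument outside RFC 959 grammar")
        if len(line) > MAX_LINE:
            reasons.append("oversized command line")
        if any(b < 0x20 or b > 0x7E for b in arg):
            reasons.append("non-printable bytes in argument")
        if reasons:
            findings.append({"arg_len": len(arg), "reasons": reasons})
    return findings


# Constructed sample: anonymous login, two legitimate TYPE commands, then
# a TYPE command carrying 1000 filler bytes plus two non-ASCII bytes.
SAMPLE = (
    b"USER anonymous\r\n"
    b"PASS guest@example.invalid\r\n"
    b"TYPE I\r\n"
    b"TYPE A N\r\n"
    b"TYPE " + b"A" * 1000 + b"\xff\xfe\r\n"
)

if __name__ == "__main__":
    for finding in inspect_type_commands(SAMPLE):
        print(finding)
```

The same grammar check works as an allow-list in an FTP-aware proxy or IDS rule placed in front of a host that cannot be patched or retired.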