FreeFloat FTP Server Buffer Overflow Vulnerability in QUOTE Command Handler
Vulnerability
A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0.0. The flaw is in the QUOTE command handler, which does not properly validate the size of input before copying it into a buffer, so oversized input overflows that buffer. The vulnerability can be exploited remotely without authentication.
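The bug class described above, shown as an added example that is not FreeFloat's code: an unchecked copy next to a handler that validates length before copying. The function names, the 256-byte buffer size and the 501 rejection reply are assumptions made for illustration; the advisory does not state the real buffer length. The verb match is case-sensitive for brevity.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical size: the advisory does not give the real buffer length. */
#define ARG_MAX_LEN 256

/* Vulnerable pattern from the advisory: the argument is copied into a
 * fixed-size stack buffer with no check on its length. */
int quote_handler_unsafe(const char *arg)
{
    char buf[ARG_MAX_LEN];
    strcpy(buf, arg);          /* overflows when strlen(arg) >= ARG_MAX_LEN */
    return (int)strlen(buf);
}

/* Hardened form: validate the length first, and reject instead of copying.
 * line/line_len: raw command line as received (not NUL-terminated).
 * out/out_size:  caller-supplied destination for the argument.
 * Returns 200 on success, 501 (syntax error in parameters) on rejection. */
int quote_handler_safe(const char *line, size_t line_len,
                       char *out, size_t out_size)
{
    static const char verb[] = "QUOTE ";
    const size_t verb_len = sizeof(verb) - 1;

    if (out == NULL || out_size == 0)
        return 501;
    out[0] = '\0';
    if (line == NULL || line_len < verb_len ||
        memcmp(line, verb, verb_len) != 0)
        return 501;

    const char *arg = line + verb_len;
    size_t arg_len = line_len - verb_len;

    /* Strip the CRLF (or bare LF) that terminates an FTP command line. */
    while (arg_len > 0 &&
           (arg[arg_len - 1] == '\n' || arg[arg_len - 1] == '\r'))
        arg_len--;

    /* Reject rather than truncate; an embedded NUL would hide the length. */
    if (arg_len == 0 || arg_len >= out_size ||
        memchr(arg, '\0', arg_len) != NULL)
        return 501;

    memcpy(out, arg, arg_len);
    out[arg_len] = '\0';
    return 200;
}
```

Rejecting the whole command on an oversized argument, rather than truncating it, also gives the server a clean event to log and alert on.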
Impact
Exploitation of this vulnerability causes a buffer overflow, which can lead to arbitrary code execution or a crash of the application.
Reproduction
The vulnerability can be reproduced by sending a crafted QUOTE command that includes an oversized payload. This payload should be designed to overflow the buffer and can be generated using a reverse shell payload created with msfvenom, excluding certain byte values that could terminate the payload prematurely. The overflow can be used to overwrite the EIP register with an address that points to a JMP ESP instruction in kernel32.dll, which transfers execution to the injected payload.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
