FreeFloat FTP Server Buffer Overflow Vulnerability in PORT Command Handler

A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0.0. This issue arises in the PORT Command Handler, where the application improperly validates the size of input buffers, allowing for remote exploitation. The vulnerability has been publicly disclosed and is known to be easily exploitable, with no authentication required.

Impact

Exploitation of this vulnerability leads to a buffer overflow, allowing for arbitrary code execution on the affected system. The successful exploitation has been demonstrated to provide a remote shell with the privileges of the user running the FTP server.

Reproduction

The vulnerability can be reproduced by sending an excessive amount of data through the PORT command. This overloads the application's buffer, causing it to crash and indicating a buffer overflow condition. Once the vulnerability is confirmed, the exploitation involves calculating the precise offset needed to overwrite the Extended Instruction Pointer (EIP) and redirect execution to a payload, such as a reverse shell. This process can be automated with a crafted exploit, as demonstrated by the published proof-of-concept.