FreeFloat FTP Server Buffer Overflow Vulnerability in CDUP Command Handler

A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. This issue arises in the CDUP Command Handler, where the server improperly processes input, leading to a buffer overflow condition. The vulnerability can be exploited remotely, without any authentication requirements.

Impact

Exploitation of this vulnerability allows for a buffer overflow, which can be used to execute arbitrary code on the affected system. In this case, the exploitation was demonstrated by executing a reverse shell payload, providing the attacker with remote access to the system with the privileges of the user running the FTP server.

Reproduction

The vulnerability can be reproduced by sending an excessive amount of data through the 'CDUP' command. This overloads the application's input handling, causing it to crash and indicating a buffer overflow condition. Once the vulnerability is triggered, the EIP (Extended Instruction Pointer) can be overwritten by calculating the precise offset needed. After successfully exploiting the vulnerability, a reverse shell can be obtained on the target system.