FreeFloat FTP Server Buffer Overflow Vulnerability in NOOP Command Handler

Vulnerability

A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. The issue arises in the NOOP command handler, where an unknown function improperly manages input, allowing for remote exploitation. This vulnerability has been publicly disclosed and is actively exploitable.

Impact

Exploitation of this vulnerability causes a buffer overflow that allows arbitrary code execution on the affected system. Successful exploitation has been demonstrated to provide a remote shell with the privileges of the user running the FTP server.

Reproduction

The vulnerability can be reproduced by sending an excessive amount of data through the NOOP command. This overflows the application's buffer and crashes the server, which indicates a buffer overflow condition. Once the vulnerability is confirmed, exploitation can be automated using a crafted payload that includes shellcode, such as a reverse shell, which is sent in place of the normal NOOP command payload.
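For detection, the condition described above is visible on the FTP control channel: RFC 959 defines NOOP with no argument, so any NOOP carrying data, or any over-long command line, is anomalous. The following is an added example, not part of the original advisory; the 256-byte threshold, the function names and the sample traffic are assumptions made for illustration.

```python
MAX_LINE = 256           # assumed ceiling for a legitimate control-channel line
NO_ARG_VERBS = {"NOOP"}  # RFC 959 defines NOOP with no argument

def _verb(line):
    # First token, truncated and normalised, so the alert never echoes the payload.
    return line.split(b" ", 1)[0][:8].upper().decode("ascii", "replace")

def _check_line(line, max_line):
    head = line.split(b" ", 1)[0]
    verb, arg = _verb(line), line[len(head):].strip()
    alerts = []
    if len(line) > max_line:
        alerts.append(("oversized-line", verb, len(line)))
    if verb in NO_ARG_VERBS and arg:
        alerts.append(("unexpected-argument", verb, len(arg)))
    return alerts

def inspect_control_stream(chunks, max_line=MAX_LINE):
    """Reassemble client-to-server chunks into lines; return (reason, verb, length) alerts."""
    alerts, pending, discarding = [], b"", False
    for chunk in chunks:
        pending += chunk
        while b"\n" in pending:
            line, pending = pending.split(b"\n", 1)
            if discarding:            # tail of a line that was already reported
                discarding = False
                continue
            alerts.extend(_check_line(line.rstrip(b"\r"), max_line))
        if discarding:
            pending = b""             # keep dropping until the line terminator arrives
        elif len(pending) > max_line:
            # No CRLF yet and already over the limit: report once, stop buffering.
            alerts.append(("unterminated-oversized", _verb(pending), len(pending)))
            pending, discarding = b"", True
    return alerts

# Constructed sample traffic (filler bytes only), split the way TCP might deliver it.
SAMPLE = [
    b"USER anonymous\r\n",
    b"NOOP\r\n",
    b"NOOP " + b"A" * 600 + b"\r\n",
    b"noop " + b"B" * 300,
    b"B" * 300 + b"\r\nQUIT\r\n",
]

if __name__ == "__main__":
    for alert in inspect_control_stream(SAMPLE):
        print(alert)
```

The same two checks (argument present on NOOP, line length over a site-chosen limit) can be expressed as an IDS rule or enforced by an FTP-aware proxy in front of the server.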

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 7.5
exploitability: 9.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.