FreeFloat FTP Server Buffer Overflow Vulnerability in PBSZ Command Handler

A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. The issue arises in the PBSZ Command Handler, where an excessive amount of data can be sent, leading to a buffer overflow condition. This vulnerability can be exploited remotely, causing the application to crash and potentially allowing for arbitrary code execution.

Impact

Exploitation of this vulnerability leads to a buffer overflow, causing the application to crash and potentially allowing for arbitrary code execution with the privileges of the vulnerable process.

Reproduction

The vulnerability can be reproduced by sending a large amount of data through the 'PBSZ' command on the FTP server. This overloads the buffer, causing the application to crash and indicating a successful buffer overflow condition. After the overflow is triggered, the EIP (Extended Instruction Pointer) can be overwritten to redirect execution to a payload, such as a reverse shell, demonstrating the exploitation of the vulnerability.