FreeFloat FTP Server
cpe:2.3:a:freefloat:freefloat_ftp_server:*:*:*:*:*:*:*
- 1.0
A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. The flaw is in the HOST command handler, which handles input improperly: excessive data sent with the command overwrites memory. The vulnerability can be exploited remotely, without any authentication.
Exploitation of this vulnerability leads to a buffer overflow, allowing for arbitrary code execution. In the published proof-of-concept exploit, a reverse shell is obtained on the target system, with commands executed under the privileges of the vulnerable process.
The vulnerability can be reproduced by sending a large amount of data through the 'HOST' command. This exceeds the application's buffer capacity and crashes it, which indicates a buffer overflow condition. The exact offset needed to overwrite the Extended Instruction Pointer (EIP) was determined using Metasploit Framework tools, after which a payload was crafted to exploit the vulnerability. This payload was then sent via the 'HOST' command, successfully exploiting the buffer overflow and achieving code execution.
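A defensive check for the condition described above, as an added example that is not part of the original advisory: it scans FTP control-channel client lines for HOST commands whose argument is oversized or is not a hostname or IP literal, and records whether the session had sent PASS yet. The function name, the event format, the 255-byte threshold (the maximum DNS name length) and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: a legitimate HOST argument is a DNS name or an IP literal,
# so anything longer than a DNS name (255 bytes) is treated as suspect.
MAX_HOST_ARG = 255
HOSTNAME_RE = re.compile(rb"^\[?[A-Za-z0-9.:\-]+\]?$")

def inspect_host_commands(events):
    """events: iterable of (session_id, raw client line as bytes).
    Returns one finding per suspicious HOST command."""
    sent_pass = set()  # sessions that sent PASS (approximates "logged in")
    findings = []
    for session, raw in events:
        line = raw.rstrip(b"\r\n")
        verb, _, arg = line.partition(b" ")
        verb = verb.upper()  # FTP verbs are case-insensitive
        if verb == b"PASS":
            sent_pass.add(session)
            continue
        if verb != b"HOST":
            continue
        reasons = []
        if len(arg) > MAX_HOST_ARG:
            reasons.append("oversized")
        if not HOSTNAME_RE.match(arg):
            reasons.append("not-a-hostname")
        if reasons:
            findings.append({
                "session": session,
                "arg_len": len(arg),
                "before_login": session not in sent_pass,
                "reasons": reasons,
            })
    return findings

# Constructed sample traffic: two well-formed HOST commands and one oversized.
SAMPLE = [
    ("s1", b"HOST ftp.example.com\r\n"),
    ("s1", b"USER alice\r\n"),
    ("s1", b"PASS secret\r\n"),
    ("s2", b"HOST " + b"A" * 1000 + b"\r\n"),
    ("s3", b"host [2001:db8::1]\r\n"),
]

if __name__ == "__main__":
    for finding in inspect_host_commands(SAMPLE):
        print(finding)
```

The same length and character test can be applied at a proxy or IDS in front of the server, since the advisory states the command is reachable without authentication.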