PCMan FTP Server
cpe:2.3:a:pcman_ftp_server_project:pcman_ftp_server:*:*:*:*:*:*:*
- 2.0.7
A critical buffer overflow vulnerability has been identified in PCMan FTP Server version 2.0.7. This issue arises in the PLS Command Handler component, where the application improperly handles input, leading to a buffer overflow condition. The vulnerability can be exploited remotely, without any authentication requirements.
Exploitation triggers a buffer overflow, which can commonly lead to arbitrary code execution or cause the application to crash.
The vulnerability can be reproduced by sending an excessive amount of data through the 'PLS' command. This overloads the application's input handling, causing it to crash and indicating a buffer overflow condition. Once the overflow is triggered, the EIP (Extended Instruction Pointer) can be overwritten to redirect execution to injected shellcode, effectively exploiting the vulnerability.
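A defensive check for the condition described above, as an added example that is not part of the original advisory: it scans FTP control-channel logs for commands with over-long arguments and records whether the session had authenticated first. It covers every command verb rather than only PLS; the log format, the 512-character threshold and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed log format (constructed for this example): "<session-id> <C|S>: <line>"
# C = line sent by the client, S = reply sent by the server.
LINE_RE = re.compile(r"^(?P<sid>\S+) (?P<dir>[CS]): (?P<text>.*)$")

# Assumed threshold: set it just above the longest legitimate argument you expect.
MAX_ARG_LEN = 512


def find_oversized_commands(log_lines, max_arg_len=MAX_ARG_LEN):
    """Return one finding per client command whose argument exceeds max_arg_len."""
    authenticated = set()  # sessions that have received a 230 reply
    findings = []
    for raw in log_lines:
        m = LINE_RE.match(raw.rstrip("\r\n"))
        if not m:
            continue  # ignore lines that are not in the assumed format
        sid, direction, text = m.group("sid", "dir", "text")
        if direction == "S":
            if text.startswith("230"):  # 230 = user logged in (RFC 959)
                authenticated.add(sid)
            continue
        verb, _, arg = text.partition(" ")
        if len(arg) > max_arg_len:
            findings.append({
                "session": sid,
                "verb": verb.upper(),
                "arg_len": len(arg),
                # The advisory says no authentication is required, so an
                # oversized command before login deserves the most attention.
                "pre_auth": sid not in authenticated,
            })
    return findings


# Constructed sample log: s1 logs in normally, s2 never authenticates.
SAMPLE_LOG = [
    "s1 S: 220 ready",
    "s1 C: USER alice",
    "s1 S: 331 password required",
    "s1 C: PASS ********",
    "s1 S: 230 logged in",
    "s1 C: LIST /pub",
    "s2 S: 220 ready",
    "s2 C: PLS " + "x" * 3000,
    "s1 C: RETR " + "x" * 600,
]

if __name__ == "__main__":
    for finding in find_oversized_commands(SAMPLE_LOG):
        print(finding)
```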