PCMan FTP Server Buffer Overflow Vulnerability in SET Command Handler

Vulnerability

A critical buffer overflow vulnerability has been identified in PCMan FTP Server version 2.0.7. The issue lies in the SET command handler, where an input-processing flaw (details unknown) lets excessive data be sent, leading to a buffer overflow. The vulnerability can be exploited remotely and requires no authentication.

Impact

Exploiting the buffer overflow allows arbitrary code execution on the affected system. In this case, the vulnerability has been exploited to gain a remote shell with the privileges of the user running the FTP server.

Reproduction

The vulnerability can be reproduced by sending a large amount of data through the 'SET' command. This exceeds the application's buffer capacity and crashes it, which indicates a buffer overflow. Once the vulnerability is confirmed, exploitation can be automated with a crafted payload that includes shellcode, such as a reverse shell, injected into the application via the 'SET' command. The exploitation process involves calculating the precise offset needed to overwrite the Extended Instruction Pointer (EIP) and redirect execution to the injected shellcode, which then executes commands on the system remotely.
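
A defender-side check for the traffic described above, as an added example that is not part of the original advisory: it scans a captured FTP control-channel session for SET commands with overlong arguments and records whether they arrived before login. The 512-byte threshold, the event format, and the sample sessions are assumptions constructed for illustration.

```python
# Added example (not from the advisory): flag oversized FTP SET arguments.
MAX_ARG = 512  # assumed alert threshold in bytes; the advisory gives no buffer size


def scan_session(events, max_arg=MAX_ARG):
    """Scan one control-channel session.

    events: list of (direction, data); "C" = client to server, "S" = server to client.
    Returns one finding per client SET command whose argument exceeds max_arg.
    """
    authed = False
    findings = []
    for idx, (direction, data) in enumerate(events):
        if direction == "S":
            if data[:3] == b"230":  # FTP reply 230: user logged in
                authed = True
            continue
        line = data.rstrip(b"\r\n")
        verb, _, arg = line.partition(b" ")
        if verb.upper() != b"SET" or len(arg) <= max_arg:
            continue
        findings.append({
            "event": idx,
            "arg_len": len(arg),
            "pre_auth": not authed,  # the advisory says no login is required
            "non_printable": sum(b < 0x20 or b > 0x7E for b in arg),
            "terminated": data.endswith(b"\r\n"),
        })
    return findings


# Constructed sample sessions (hypothetical banner text and SET arguments).
BENIGN = [
    ("S", b"220 FTP server ready\r\n"),
    ("C", b"USER alice\r\n"),
    ("S", b"331 Password required\r\n"),
    ("C", b"PASS example\r\n"),
    ("S", b"230 User logged in\r\n"),
    ("C", b"SET option 1\r\n"),
]
SUSPECT = [
    ("S", b"220 FTP server ready\r\n"),
    ("C", b"set " + b"A" * 3000 + b"\r\n"),
]

if __name__ == "__main__":
    for name, session in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, scan_session(session))
```

A finding with pre_auth set to True on a server running the affected version is the highest-priority case, since the advisory states that no login is needed.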

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 10.0
exploitability: 9.7
remediation: 0.0
relevance: 0.1
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.