FreeFloat FTP Server Buffer Overflow Vulnerability in XMKD Command Handler

A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. The issue arises in the XMKD Command Handler, where an unknown functionality can be manipulated, leading to a buffer overflow. This vulnerability can be exploited remotely, and the exploit has been publicly disclosed.

Impact

Exploitation of this vulnerability leads to a remote buffer overflow, which can commonly result in arbitrary code execution or causing a crash of the application.

Reproduction

The vulnerability can be reproduced by sending a crafted payload through the XMKD command. This payload should be designed to overflow the buffer, targeting the application's memory management. The exploit can be automated using a Perl script that establishes a connection to the FTP server, logs in with anonymous credentials, and sends the payload via the XMKD command.