FreeFloat FTP Server Buffer Overflow Vulnerability in REIN Command Handler

A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. This issue arises in the REIN Command Handler component, allowing remote exploitation. The vulnerability has been publicly disclosed and could be used to execute arbitrary code on the affected system.

Impact

Exploitation of this vulnerability leads to a buffer overflow condition, allowing for arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by sending an excessive amount of data through the 'REIN' command, which causes the application to crash, indicating a buffer overflow. After confirming the buffer overflow, the exploitation involves calculating the offset needed to overwrite the Extended Instruction Pointer (EIP) and injecting a payload that includes shellcode, such as a reverse shell, into the application. This payload is then executed with the privileges of the user running the FTP server.