module
freeFTPd PASS Command Buffer Overflow
| Disclosed | Created |
|---|---|
| Aug 20, 2013 | May 30, 2018 |
Disclosed
Aug 20, 2013
Created
May 30, 2018
Description
freeFTPd 1.0.10 and below contains an overflow condition that is triggered as
user-supplied input is not properly validated when handling a specially crafted
PASS command. This may allow a remote attacker to cause a buffer overflow,
resulting in a denial of service or allow the execution of arbitrary code.
freeFTPd must have an account set to authorization anonymous user account.
user-supplied input is not properly validated when handling a specially crafted
PASS command. This may allow a remote attacker to cause a buffer overflow,
resulting in a denial of service or allow the execution of arbitrary code.
freeFTPd must have an account set to authorization anonymous user account.
Authors
Wireghoul
TecR0c [email protected]
TecR0c [email protected]
Platform
Windows
Architectures
x86
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.