Freefloat FTP Server USER Command Buffer Overflow

Added: 01/26/2011
BID: 45181
OSVDB: 69621

Background

Freefloat is a software series developed directly for handheld terminals. Freefloat FTP Server is a free FTP server for various versions of Windows including Windows CE/Pocket PC.

Problem

Freefloat FTP Server is vulnerable to a stack buffer overflow as a result of sending overly long replies. An attacker can trigger the vulnerability by sending the FTP server a USER command with an overly long username parameter.

Resolution

Use a firewall to restrict access to trusted computers, install an update from the vendor when one becomes available, or choose another FTP server.
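Until an update is available, captured FTP control-channel traffic can be checked for the oversized USER parameter described under Problem. The following is an added example, not part of the original advisory or any vendor code; the length limits and the function name are assumptions chosen for illustration, since the advisory gives no buffer size.

```python
import re

# Assumed policy limits (not from the advisory): tune to the usernames in use.
MAX_USER_LEN = 64    # longest USER argument considered normal
MAX_LINE_LEN = 512   # longest command line considered normal

# An FTP command is a 3-4 letter verb, optionally followed by a space and an argument.
CMD_RE = re.compile(rb"([A-Za-z]{3,4})(?: (.*))?", re.DOTALL)


def inspect_stream(data: bytes):
    """Scan one client-to-server FTP control stream.

    Returns a list of (offset, reason) tuples, one per finding.
    """
    findings = []
    offset = 0
    while offset < len(data):
        end = data.find(b"\r\n", offset)
        if end == -1:
            # Unterminated tail: an oversized command may never reach its CRLF
            # inside the capture, so it is still inspected as a line.
            line, next_offset = data[offset:], len(data)
        else:
            line, next_offset = data[offset:end], end + 2

        if len(line) > MAX_LINE_LEN:
            findings.append(
                (offset, f"command line of {len(line)} bytes exceeds {MAX_LINE_LEN}"))

        match = CMD_RE.fullmatch(line)
        # FTP verbs are case-insensitive, so "user" counts as well as "USER".
        if match and match.group(1).upper() == b"USER":
            arg = match.group(2) or b""
            if len(arg) > MAX_USER_LEN:
                findings.append(
                    (offset, f"USER argument of {len(arg)} bytes exceeds {MAX_USER_LEN}"))
        offset = next_offset
    return findings


if __name__ == "__main__":
    # Constructed sample streams, not real captures.
    samples = [b"USER anonymous\r\nPASS guest@example.org\r\n",
               b"USER " + b"x" * 300 + b"\r\n"]
    for sample in samples:
        print(inspect_stream(sample))
```

The same length check can be applied at an inspecting proxy or IDS in front of the server, so oversized commands are dropped before they reach it.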

References

http://secunia.com/advisories/42465/

Limitations

Exploit works on Freefloat FTP Server 1.0 on Microsoft Windows Server 2003 SP2 with KB956802 and KB956572.

Platforms

Windows
