Freefloat FTPD Invalid Command Overflow

Added: 09/26/2011
BID: 48704

Background

Freefloat is a software series developed directly for handheld terminals. Freefloat FTP Server is a free FTP server for various versions of Windows including Windows CE/Pocket PC.

Problem

Freefloat FTP Server is vulnerable to a stack overflow when it sends an overly long reply. An attacker can trigger the vulnerability by sending the FTP server an overly long unknown command.

Resolution

No update is available at this time. Use a firewall to restrict access to trusted computers, install an update from the vendor when one becomes available, or choose another FTP server.
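
Since no update is available, FTP control-channel traffic to the server can be checked for the trigger described under Problem, an overly long unknown command. The following is an added example, not part of the original advisory or of any vendor tooling; the 512-byte threshold, the verb list, the function names and the sample lines are assumptions made for illustration.

```python
# Added example: classify FTP control-channel command lines so that an
# overly long unknown command (the trigger named in this advisory) stands out.

# Command verbs from RFC 959 plus common extensions (assumed allow-list).
KNOWN_VERBS = {
    "USER", "PASS", "ACCT", "CWD", "CDUP", "SMNT", "QUIT", "REIN", "PORT",
    "PASV", "TYPE", "STRU", "MODE", "RETR", "STOR", "STOU", "APPE", "ALLO",
    "REST", "RNFR", "RNTO", "ABOR", "DELE", "RMD", "MKD", "PWD", "LIST",
    "NLST", "SITE", "SYST", "STAT", "HELP", "NOOP",
    "FEAT", "OPTS", "SIZE", "MDTM", "EPSV", "EPRT", "MLSD", "MLST",
}
MAX_LINE = 512  # assumed threshold in bytes, not a value from the advisory


def classify(line: bytes) -> str:
    """Return 'ok', 'unknown', 'long' or 'long-unknown' for one command line."""
    stripped = line.rstrip(b"\r\n")
    # The verb is everything up to the first space; a line with no space
    # at all is treated as one (possibly very long) verb.
    verb = stripped.split(b" ", 1)[0].decode("ascii", "replace").upper()
    known = verb in KNOWN_VERBS
    too_long = len(stripped) > MAX_LINE
    if too_long and not known:
        return "long-unknown"   # matches the advisory's trigger condition
    if too_long:
        return "long"           # known verb, oversized argument
    return "ok" if known else "unknown"


def scan(lines):
    """Return (index, verdict, length) for every line that is not 'ok'."""
    findings = []
    for i, line in enumerate(lines):
        verdict = classify(line)
        if verdict != "ok":
            findings.append((i, verdict, len(line.rstrip(b"\r\n"))))
    return findings


# Constructed sample input, not captured traffic.
SAMPLE = [
    b"USER anonymous\r\n",
    b"PASS guest@example.com\r\n",
    b"XYZZY\r\n",
    b"A" * 1000 + b"\r\n",
    b"RETR " + b"a" * 600 + b"\r\n",
]

if __name__ == "__main__":
    for index, verdict, length in scan(SAMPLE):
        print(f"line {index}: {verdict} ({length} bytes)")
```

Lines classified as long-unknown are the ones to alert on or drop at a filtering proxy; short unknown verbs are usually harmless client probes.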

References

http://secunia.com/advisories/42465

Limitations

This exploit has been tested against FreeFloat FTP Server 1.0 on Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802.

Platforms

Windows
