PCMan's FTP Server 'CDUP' Command Buffer Overflow Vulnerability

PCMan's FTP Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Information

Bugtraq ID: 107574
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: No
Published: Mar 26 2019 12:00AM
Updated: Mar 26 2019 12:00AM
Credit: Sachin Wagh(@tiger_tigerboy)
Vulnerable: Paul Kocher PCMan's FTP Server 2.0

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• PCMan FTP Server 2.0 CDUP Remote Buffer Overflow (packetstormsecurity.com)
  
• PCMan's FTP Server Product Page (Paul Kocher)
  

Source: www.securityfocus.com