freeFTPd PASS Command Buffer Overflow

Rocco Calvi

August 20, 2013

CVE: CVE-2013-10042
Affected Vendor: freeFTPd
Affected Product: freeFTPd
Exploit Type: Metasploit Module
Metasploit Module: exploit/windows/ftp/freeftpd_pass

Description

freeFTPd 1.0.10 and below contains an overflow condition where user-supplied input is not properly validated when handling a specially crafted PASS command, enabling remote attackers to trigger a buffer overflow and achieve arbitrary code execution.

References

Rapid7 Module