Buffer Overflow in PCMan's FTP Server Allows Remote Code Execution
CVE-2013-4730

Currently unrated

Key Information:

Vendor
Pcman\'s Ftp Server Project
Status
Pcman\'s Ftp Server
Vendor
CVE Published:
15 May 2014

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 75%

Summary

The buffer overflow vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code. This can be exploited via a specially crafted USER command that sends an excessively long string, resulting in overwriting the memory allocated for the process. Successful exploitation can lead to complete control over the affected system, posing significant security risks. Users of the affected version are strongly advised to update to the latest version to mitigate the risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

PCmanBoF
Created by t0rt3ll1n0

References

http://www.securityfocus.com/bid/60837
vdb-entryx_refsource_BID
http://osvdb.org/show/osvdb/94624
vdb-entryx_refsource_OSVDB
http://www.exploit-db.com/exploits/26471
exploitx_refsource_EXPLOIT-DB

EPSS Score

75% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2013-4730 : Buffer Overflow in PCMan's FTP Server Allows Remote Code Execution | SecurityVulnerability.io