Buffer Overflow in PCMan's FTP Server Allows Remote Code Execution
CVE-2013-4730

Currently unrated

Key Information:

Vendor: Pcman\'s Ftp Server Project
Status: Pcman\'s Ftp Server
Vendor: CVE Published:; 15 May 2014

🔔 Create Pcman\'s Ftp Server Project Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 75%

What is CVE-2013-4730?

The buffer overflow vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code. This can be exploited via a specially crafted USER command that sends an excessively long string, resulting in overwriting the memory allocated for the process. Successful exploitation can lead to complete control over the affected system, posing significant security risks. Users of the affected version are strongly advised to update to the latest version to mitigate the risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

PCmanBoF
Created by t0rt3ll1n0

References

http://www.securityfocus.com/bid/60837

vdb-entryx_refsource_BID

http://osvdb.org/show/osvdb/94624

vdb-entryx_refsource_OSVDB

http://www.exploit-db.com/exploits/26471

exploitx_refsource_EXPLOIT-DB

EPSS Score

75% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 12, 2020
👾
Exploit known to exist
Nov 12, 2020
Vulnerability published
May 15, 2014
Vulnerability Reserved
Jun 29, 2013