CVE-2024-58299
Buffer Overflow in PCMan FTP Server 2.0 Enables Remote Code Execution
Publication date: 2025-12-12
Last updated on: 2025-12-12
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pcman | ftp_server | 2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring FTP traffic for suspicious 'pwd' commands containing unusually long or malformed payloads that could trigger the buffer overflow. Specifically, detection can involve capturing FTP login sequences where the 'USER' and 'PASS' commands are followed by a 'pwd' command with an excessively long string (e.g., over 2000 characters). A practical approach is to use network packet capture tools like Wireshark or tcpdump to filter FTP traffic on port 21 and inspect the 'pwd' command payloads. Additionally, running the exploit script from Resource 2 in a controlled environment can help verify if a system is vulnerable. [2]
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the 'pwd' command of PCMan FTP Server 2.0. It allows remote attackers to send a specially crafted payload during the FTP login process that overwrites memory, enabling them to execute arbitrary code on the affected system.
How can this vulnerability impact me? :
The vulnerability can allow attackers to gain unauthorized system access by executing arbitrary code remotely. This can lead to full compromise of the affected system, including data theft, system manipulation, or further attacks within the network.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the PCMan FTP Server version 2.0, especially blocking external access to port 21 to prevent remote exploitation. Applying any available patches or updates from the vendor is recommended if available. If patching is not possible, consider using network-level protections such as firewalls or intrusion prevention systems to detect and block malicious 'pwd' commands with oversized payloads. Monitoring logs for unusual FTP activity and restricting FTP usage to trusted networks can also reduce risk. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.