CVE-2020-37067

Filetto · Filetto FTP Server

Filetto 1.0 FTP server contains a denial of service (DoS) vulnerability in the FEAT command processing. Sending an oversized command causes a buffer overflow and service crash.

Executive summary

A critical buffer overflow vulnerability in the Filetto FTP Server allows unauthenticated attackers to remotely crash the service, resulting in a persistent denial of service.

Vulnerability

The vulnerability occurs during the processing of the FTP "FEAT" command. An unauthenticated attacker can send a specially crafted FEAT command containing 11,008 bytes of repeated characters, which triggers a buffer overflow and causes the FTP service to terminate unexpectedly.

Business impact

Successful exploitation results in the immediate unavailability of the FTP service, disrupting file transfer operations and any business workflows that rely on the server. While the observed impact is a denial of service, the CVSS score of 9.8 reflects that the underlying memory corruption could be leveraged for more advanced exploitation.

Remediation

Immediate Action: Update Filetto FTP Server to the latest version or migrate to a more robust and regularly maintained FTP solution such as FileZilla Server or an SFTP-based alternative.

Proactive Monitoring: Configure automated alerts to notify administrators if the FTP service stops unexpectedly and monitor network traffic for unusually large FTP command strings.

Compensating Controls: Implement an Intrusion Prevention System (IPS) with signatures designed to detect and drop oversized or malformed FTP commands, specifically targeting the FEAT verb.
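The monitoring and IPS controls above both reduce to one check on the FTP control channel: flag command lines that are far longer than any legitimate command, and flag FEAT lines that carry an argument at all (RFC 2389 defines FEAT as taking none). The following detection routine is an added example, not code from Filetto or from the advisory; the 512-byte threshold and the sample session lines are assumptions constructed for the illustration.

```python
import re
from typing import Dict, List

# Generous cap for a benign FTP control line (assumed threshold for this example).
MAX_CMD_LEN = 512
# FEAT optionally followed by whitespace and an argument; RFC 2389 allows no argument.
FEAT_RE = re.compile(rb"^FEAT(?:\s+(.*))?$", re.IGNORECASE | re.DOTALL)


def classify_command(line: bytes) -> Dict[str, object]:
    """Classify one client-to-server FTP control line.

    Returns the verb, the line length and a list of reasons the line should be
    alerted on or dropped; an empty list means the line looks benign.
    """
    stripped = line.rstrip(b"\r\n")
    verb = stripped.split(b" ", 1)[0].upper() if stripped else b""
    reasons: List[str] = []
    if len(stripped) > MAX_CMD_LEN:
        reasons.append(f"oversized command ({len(stripped)} bytes > {MAX_CMD_LEN})")
    m = FEAT_RE.match(stripped)
    if m and m.group(1):
        reasons.append("FEAT with arguments (FEAT takes none per RFC 2389)")
    return {"verb": verb.decode("ascii", "replace"), "length": len(stripped), "reasons": reasons}


def scan_session(lines: List[bytes]) -> List[Dict[str, object]]:
    """Return the classification of every line in a session that merits an alert."""
    return [r for r in (classify_command(l) for l in lines) if r["reasons"]]


# Constructed sample control-channel lines (not captured traffic).
SAMPLE_SESSION = [
    b"USER anonymous\r\n",
    b"PASS guest@example.org\r\n",
    b"FEAT\r\n",                          # benign FEAT: no argument
    b"FEAT " + b"A" * 11008 + b"\r\n",    # oversized FEAT matching the advisory's description
    b"QUIT\r\n",
]

if __name__ == "__main__":
    for hit in scan_session(SAMPLE_SESSION):
        print(hit["verb"], hit["length"], "; ".join(hit["reasons"]))
```

Only the oversized FEAT line is reported, with both reasons attached, while the legitimate argument-less FEAT passes.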

Exploitation status

Public Exploit Available: No

Analyst recommendation

The Filetto FTP Server version 1.0 is highly susceptible to remote disruption. Given the age of the software and the criticality of the flaw, it is recommended to replace this software with a modern, secure alternative that supports encrypted transfers and has a proven track record of security patching.