By exploiting this vulnerability, the return address in the stack can be arbitrarily altered, allowing the auditor to gain control of the target host. After successful exploitation an agent will be deployed. This agent will inherit the user identity and capabilities of the abused service, usually those of the user used to login to the FTP server (for example, ftp). However, the UID (as opposite to the EUID) of the agent will be that of the super user in most cases (usually 0), and it can be changed by using the setuid module (see "setuid"). When an anonymous user is used, or if the server is configured to do this for other users, the deployed agent will be running inside a chroot jail. This situation does not prevent the use of the agent, and after setting the EUID to that of the super user, the chroot breaker module (see "chroot breaker") can be used to escape the chroot jail. As a side effect of this exploit execution, two new directories will be created on the target host, namely 'A' and 'AAAAAAAAA...' inside the former. They can be deleted after the module finishes execution.
CVE Link
Exploit Platform
Product Name