Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2006-6171

Published: 30/11/2006 Updated: 11/04/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Proftpd

Vulnerability Summary

ProFTPD 1.3.0a and previous versions does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability

Vulnerable Product Search on Vulmon Subscribe to Product

proftpd project proftpd

Vendor Advisories

Debian Security Advisories: DSA-1222-2 proftpd -- several vulnerabilities
Due to technical problems yesterday's proftpd update lacked a build for the amd64 architecture, which is now available For reference please find below the original advisory text: Several remote vulnerabilities have been discovered in the proftpd FTP daemon, which may lead to the execution of arbitrary code or denial of service The Common Vulnera ...

References

NVD-CWE-Otherhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=datehttp://www.debian.org/security/2006/dsa-1218http://www.debian.org/security/2006/dsa-1222http://www.gentoo.org/security/en/glsa/glsa-200611-26.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491http://secunia.com/advisories/23174http://secunia.com/advisories/23179http://secunia.com/advisories/23184http://secunia.com/advisories/23207http://www.trustix.org/errata/2006/0070http://secunia.com/advisories/23329http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.htmlhttps://nvd.nist.govhttps://www.debian.org/security/./dsa-1222
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook