Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.6
CVSSv2

CVE-2006-6563

Published: 15/12/2006 Updated: 17/10/2018
CVSS v2 Base Score: 6.6 | Impact Score: 10 | Exploitability Score: 2.7
VMScore: 680
Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C
Subscribe to Proftpd Project

Vulnerability Summary

Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD prior to 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.

Vulnerable Product Search on Vulmon Subscribe to Product

proftpd project proftpd 1.3.0

proftpd project proftpd 1.3.0a

Exploits

Exploit DB: ProFTPd 1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (PoC)
# Core Security Technologies - Corelabs Advisory # ProFTPD Controls buffer overflow import socket import os, ospath,stat #This works with default proftpd 130a compiled with gcc 412 (ubuntu edgy) # ctrlSocket = "/tmp/ctrlssock" mySocket = "/tmp/notusedsock" canary = "\0\0\x0a\xff" trampoline = "\x77\xe7\xff\xff" # jmp ESP on vdso shel ...
Exploit DB: ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Local Overflow
/* * This is simple local exploit (Proof of Concept?) for local bug in ProFTPd * not in default options (must be configured with option --enable-ctrls) * Bug exist in func tion pr_ctrls_connect() in file "src/ctrlsc", look: * * "src/ctrlsc" * int pr_ctrls_connect(const char *socket_file) { * * struct sockaddr_un cl_sock, ctrl_soc ...
Exploit DB: ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (1)
#!/usr/bin/perl -w # # $Id: revenge_proftpd_ctrls_24pl, v10 2007/02/18 19:24:22 revenge Exp $ # # ProFTPD v130/130a Controls Buffer Overflow Exploit # [Old style school sploit against gcc 3x and linux kernel 24] # # Original Advisory : # wwwcoresecuritycom/?action=item&id=1594 # # [ Exploitation condition ] # - prof ...
Exploit DB: ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (2)
#!/usr/bin/perl -w # # $Id: revenge_proftpd_ctrls_26pl, v11 2007/02/18 19:30:25 revenge Exp $ # # ProFTPD v130/130a Controls Buffer Overflow Exploit # # Original Advisory : # wwwcoresecuritycom/?action=item&id=1594 # # [ Exploitation condition ] # - proftpd must be compiled with --enable-ctrls option # - local user ne ...

References

NVD-CWE-Otherhttp://www.coresecurity.com/?module=ContentMod&action=item&id=1594http://www.proftpd.org/docs/NEWS-1.3.1rc1http://www.securityfocus.com/bid/21587http://secunia.com/advisories/23371http://www.mandriva.com/security/advisories?name=MDKSA-2006:232http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.039.htmlhttp://secunia.com/advisories/23392http://www.trustix.org/errata/2006/0074/http://secunia.com/advisories/23473http://security.gentoo.org/glsa/glsa-200702-02.xmlhttp://secunia.com/advisories/24163http://www.vupen.com/english/advisories/2006/4998https://exchange.xforce.ibmcloud.com/vulnerabilities/30906https://www.exploit-db.com/exploits/3330http://www.securityfocus.com/archive/1/460756/100/0/threadedhttp://www.securityfocus.com/archive/1/460648/100/0/threadedhttp://www.securityfocus.com/archive/1/454320/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/2928/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook