CVE-2006-6170 - Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.

CVE-2006-6170

Summary

Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.

References

Vulnerable Configurations

cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:47)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	21326
bugtraq	20061121 Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities 20061128 ProFTPD mod_tls pre-authentication buffer overflow 20061129 Re: ProFTPD mod_tls pre-authentication buffer overflow
confirm	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820
debian	DSA-1222
fulldisc	20061128 ProFTPD mod_tls pre-authentication buffer overflow
gentoo	GLSA-200611-26
mandriva	MDKSA-2006:217-1
misc	http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html
secunia	23141 23174 23179 23184 23207
slackware	SSA:2006-335-02
trustix	2006-0066
vupen	ADV-2006-4745
xf	proftpd-modtls-bo(30554)

Last major update

17-10-2018 - 21:47

Published

30-11-2006 - 15:28

Last modified

17-10-2018 - 21:47