ID CVE-2006-6170
Summary Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
References
Vulnerable Configurations
  • cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*
    cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 21326
bugtraq
  • 20061121 Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities
  • 20061128 ProFTPD mod_tls pre-authentication buffer overflow
  • 20061129 Re: ProFTPD mod_tls pre-authentication buffer overflow
confirm https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820
debian DSA-1222
fulldisc 20061128 ProFTPD mod_tls pre-authentication buffer overflow
gentoo GLSA-200611-26
mandriva MDKSA-2006:217-1
misc http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html
secunia
  • 23141
  • 23174
  • 23179
  • 23184
  • 23207
slackware SSA:2006-335-02
trustix 2006-0066
vupen ADV-2006-4745
xf proftpd-modtls-bo(30554)
Last major update 17-10-2018 - 21:47
Published 30-11-2006 - 15:28
Last modified 17-10-2018 - 21:47
Back to Top