ID CVE-2006-6563
Summary Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. This vulnerability is addressed in the following product update: ProFTPD Project, ProFTPD, 1.3.1rc1
References
Vulnerable Configurations
  • cpe:2.3:a:proftpd_project:proftpd:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:proftpd_project:proftpd:1.3.0a:*:*:*:*:*:*:*
CVSS
Base: 6.6 (as of 17-10-2018 - 21:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: LOCAL
  • Complexity: MEDIUM
  • Authentication: SINGLE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:L/AC:M/Au:S/C:C/I:C/A:C
refmap via4
bid 21587
bugtraq
  • 20061213 CORE-2006-1127: ProFTPD Controls Buffer Overflow
  • 20070219 ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
  • 20070221 Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
confirm http://www.proftpd.org/docs/NEWS-1.3.1rc1
exploit-db 3330
gentoo GLSA-200702-02
mandriva MDKSA-2006:232
misc http://www.coresecurity.com/?module=ContentMod&action=item&id=1594
openpkg OpenPKG-SA-2006.039
secunia
  • 23371
  • 23392
  • 23473
  • 24163
trustix 2006-0074
vupen ADV-2006-4998
xf proftpd-controls-bo(30906)
Last major update 17-10-2018 - 21:49
Published 15-12-2006 - 11:28
Last modified 17-10-2018 - 21:49