7.5

CVE-2006-6171

EPSS 3.86%
Published 30.11.2006 15:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow.  NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure.  NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Proftpd Project ≫ Proftpd Version <= 1.3.0a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.86%	0.878

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/23174

http://secunia.com/advisories/23179

http://secunia.com/advisories/23184

http://secunia.com/advisories/23207

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491

http://www.debian.org/security/2006/dsa-1222

http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1

http://www.trustix.org/errata/2006/0070

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820

Vendor Advisory

http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date

Vendor Advisory

http://secunia.com/advisories/23329

http://www.debian.org/security/2006/dsa-1218

http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html

https://nvd.nist.gov/vuln/detail/CVE-2006-6171

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6171

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6171

EUVD