Stack-based Buffer Overflow in ProFTPD by ProFTPD Project
CVE-2006-5815

Currently unrated

Key Information:

Vendor

Proftpd Project

Status
Proftpd
Vendor
CVE Published:
8 November 2006

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 59%

What is CVE-2006-5815?

A stack-based buffer overflow has been identified in the sreplace function of ProFTPD versions 1.3.0 and earlier. This vulnerability potentially allows remote attackers, particularly those with authenticated access, to exploit the flaw to execute arbitrary code or trigger a denial of service condition. The exploit, demonstrated in the vd_proftpd.pm script, underscores the importance of applying security patches and updates to prevent unauthorized access and system compromise.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2006-5815
Created by Rapid7

References

http://www.vupen.com/english/advisories/2006/4451
vdb-entryx_refsource_VUPEN
http://gleg.net/vulndisco_meta.shtml
x_refsource_MISC
http://www.debian.org/security/2006/dsa-1222
vendor-advisoryx_refsource_DEBIAN

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.