Buffer Overflow in ProFTPD mod_tls Module
CVE-2006-6170

Currently unrated

Key Information:

Vendor: Proftpd Project
Status: Proftpd
Vendor: CVE Published:; 30 November 2006

🔔 Create Proftpd Project Vulnerability Alert

What is CVE-2006-6170?

The mod_tls module in ProFTPD versions 1.3.0a and earlier contains a buffer overflow vulnerability in the tls_x509_name_oneline function. This flaw can be exploited by an attacker who sends a specially crafted large data length argument during pre-authentication, leading to the execution of arbitrary code on the vulnerable host. This vulnerability poses a significant risk as it allows unauthorized access and manipulation of server resources.

References

http://www.debian.org/security/2006/dsa-1222

vendor-advisoryx_refsource_DEBIAN

http://lists.grok.org.uk/pipermail/full-disclosure/2006-N...

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/452993/100/100/thr...

mailing-listx_refsource_BUGTRAQ

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 30, 2006
Vulnerability Reserved
Nov 30, 2006

JSON