Описание
** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-6171
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820
- http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date
- http://secunia.com/advisories/23174
- http://secunia.com/advisories/23179
- http://secunia.com/advisories/23184
- http://secunia.com/advisories/23207
- http://secunia.com/advisories/23329
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491
- http://www.debian.org/security/2006/dsa-1218
- http://www.debian.org/security/2006/dsa-1222
- http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html
- http://www.trustix.org/errata/2006/0070
EPSS
CVE ID
Связанные уязвимости
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit ...
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS