Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5815

CWE-119 — Buffer Overflow8 documents7 sources

Severity

10.0CRITICAL

EPSS

73.4%

top 1.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Proftpd Project Proftpd

Timeline

PublishedNov 8

Latest updateMay 1

Description

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debianproftpd-dfsg< 1.3.0-15+3

▶NVDproftpd_project/proftpd1.3.0

🔴Vulnerability Details

GHSA

GHSA-q4h4-p4xh-74q7: Stack-based buffer overflow in the sreplace function in ProFTPD 1↗2022-05-01

▶

OSV

CVE-2006-5815: Stack-based buffer overflow in the sreplace function in ProFTPD 1↗2006-11-08

▶

CVEList

CVE-2006-5815: Stack-based buffer overflow in the sreplace function in ProFTPD 1↗2006-11-08

▶

💥Exploits & PoCs

Exploit-DB

ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Remote Buffer Overflow (Metasploit)↗2011-01-09

▶

Exploit-DB

ProFTPd 1.3.0 - 'sreplace' Remote Stack Overflow (Metasploit)↗2006-11-27

▶

📋Vendor Advisories

Debian

CVE-2006-5815: proftpd-dfsg - Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlie...↗2006

▶

💬Community

Bugzilla

CVE-2006-5815: proftpd unspecified vulnerability↗2006-11-09

▶