CVE-2006-6171
published 2006-11-30CVE-2006-6171: ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an…
PriorityP434high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
9.59%
94.9th percentile
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | proftpd-dfsg | < proftpd-dfsg 1.3.0-13 (bookworm) | proftpd-dfsg 1.3.0-13 (bookworm) |
| proftpd_project | proftpd | <= 1.3.0a | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv10.0CRITICAL
vendor_debian10.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fg3g-4994-3829: ** DISPUTED ** ProFTPD 1
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2006-6171 [CRITICAL] GHSA-fg3g-4994-3829: ** DISPUTED ** ProFTPD 1
** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
OSV
CVE-2006-6171: ProFTPD 1
osv·2006-11-30·CVSS 10.0
CVE-2006-6171 [CRITICAL] CVE-2006-6171: ProFTPD 1
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability
Debian
CVE-2006-6171: proftpd-dfsg - ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when Comm...
vendor_debian·2006·CVSS 10.0
CVE-2006-6171 [CRITICAL] CVE-2006-6171: proftpd-dfsg - ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when Comm...
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability
Scope: local
bookworm: resolved (fixed in 1.3.0-13)
bullseye: resolved (fixed in 1.3.0-13)
forky: resolved (fixed in 1.3.0-13)
sid: resolved (fixed in 1.3.0-13)
trixie: resolved (fixed in 1.3.0-13)
No detection rules found.
No public exploits indexed.
CWE
Buffer Underwrite ('Buffer Underflow')
mitre_cwe
CWE-124 Buffer Underwrite ('Buffer Underflow')
CWE-124: Buffer Underwrite ('Buffer Underflow')
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
Modes of Introduction:
Phase: Implementation
Note: This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.
Common Consequences:
Scope: Integrity, Availability. Impact: Modify Memory, DoS: Crash, Exit, or Restart. Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash.
Scope: Integrity, Confidentiality, Availability, Access Control, Other. Impact: Execute U
CWE
Access of Memory Location Before Start of Buffer
mitre_cwe
CWE-786 Access of Memory Location Before Start of Buffer
CWE-786: Access of Memory Location Before Start of Buffer
The product reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory. For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffer's position in memory, this knowledge can be used to craft further attacks, possibly with more sev
http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=datehttp://secunia.com/advisories/23174http://secunia.com/advisories/23179http://secunia.com/advisories/23184http://secunia.com/advisories/23207http://secunia.com/advisories/23329http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491http://www.debian.org/security/2006/dsa-1218http://www.debian.org/security/2006/dsa-1222http://www.gentoo.org/security/en/glsa/glsa-200611-26.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.htmlhttp://www.trustix.org/errata/2006/0070https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=datehttp://secunia.com/advisories/23174http://secunia.com/advisories/23179http://secunia.com/advisories/23184http://secunia.com/advisories/23207http://secunia.com/advisories/23329http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491http://www.debian.org/security/2006/dsa-1218http://www.debian.org/security/2006/dsa-1222http://www.gentoo.org/security/en/glsa/glsa-200611-26.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.htmlhttp://www.trustix.org/errata/2006/0070https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820
2006-11-30
Published