Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-6563

10 documents, 7 sources
Severity
6.6 MEDIUM
EPSS
0.2%
top 51.97%
CISA KEV
Not in KEV
Exploit
PoC available
Affected products
Timeline
Published: Dec 15
Latest update: May 1

Description

Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 2.7 | Impact: 10.0

Affected Packages: 2 packages

Debian: proftpd-dfsg < 1.3.0-17+3
NVD: proftpd_project/proftpd 1.3.0, 1.3.0a+1

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-gw7g-g6w4-pgq8: Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls (2022-05-01)
CVEList
CVE-2006-6563: Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls (2006-12-15)
OSV
CVE-2006-6563: Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls (2006-12-15)

💥 Exploits & PoCs

4
Exploit-DB
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (2) (2007-02-19)
Exploit-DB
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (1) (2007-02-18)
Exploit-DB
ProFTPd 1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (PoC) (2006-12-13)
Exploit-DB
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Local Overflow (2004-08-13)

📋 Vendor Advisories

1
Debian
CVE-2006-6563: proftpd-dfsg - Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in ... (2006)

💬 Community

1
Bugzilla
CVE-2006-6563: proftpd < 1.3.1rc1 mod_ctrls buffer overflow (2006-12-17)