FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-5815

This CVE name corresponds to:

Entered Topic
2006-12-21 proftpd -- remote code execution vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-5815
Phase Assigned (20061108)

Description

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."

References

Source Reference
BUGTRAQ 20061127 CVE-2006-5815: remote code execution in ProFTPD
MISC http://gleg.net/vulndisco_meta.shtml
CONFIRM http://bugs.proftpd.org/show_bug.cgi?id=2858
CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820
DEBIAN DSA-1222
GENTOO GLSA-200611-26
MANDRIVA MDKSA-2006:217
MANDRIVA MDKSA-2006:217-1
OPENPKG OpenPKG-SA-2006.035
SLACKWARE SSA:2006-335-02
TRUSTIX 2006-0066
TRUSTIX 2006-0070
BID 20992
VUPEN ADV-2006-4451
SECTRACK 1017167
SECUNIA 22803
SECUNIA 22821
SECUNIA 23000
SECUNIA 23069
SECUNIA 23125
SECUNIA 23174
SECUNIA 23179
SECUNIA 23184
SECUNIA 23207
XF proftpd-code-execution(30147)