FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-6652

This CVE name corresponds to:

Entered     Topic
2006-12-11  tnftpd -- Remote root Exploit

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2006-6652
Phase  Assigned (20061219)

Description

Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.

References

Source    Reference
FULLDISC  20061201 NetBSD FTPD and ports ***REMOTE ROOOOOT HOLE***
CONFIRM   http://docs.info.apple.com/article.html?artnum=305391
APPLE     APPLE-SA-2007-04-19
NETBSD    NetBSD-SA2006-027
CERT      TA07-109A
BID       21377
VUPEN     ADV-2007-1470
OSVDB     31781
SECTRACK  1017386
SECUNIA   24966
SECUNIA   23178
XF        netbsd-ftpd-glob-bo(30670)