CVE-2006-6170 : Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and

Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.

Published 2006-11-30 15:28:00

Updated 2018-10-17 21:47:05

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2006-6170

Probability of exploitation activity in the next 30 days: 30.68%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-6170

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-6170

https://exchange.xforce.ibmcloud.com/vulnerabilities/30554
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820

214820 – (CVE-2006-5815) CVE-2006-5815: proftpd unspecified vulnerability
Vendor Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1

Advisories - Mandriva Linux

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml

ProFTPD: Remote execution of arbitrary code (GLSA 200611-26) — Gentoo security

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/4745
http://www.securityfocus.com/archive/1/452993/100/100/threaded
http://www.securityfocus.com/bid/21326
http://www.debian.org/security/2006/dsa-1222

[SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities

CVEs referencing this url
http://www.securityfocus.com/archive/1/452228/100/100/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050935.html

Exploit;Vendor Advisory
http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html

Exploit;Vendor Advisory
http://www.securityfocus.com/archive/1/452872/100/0/threaded
http://www.trustix.org/errata/2006/0066
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491

CVEs referencing this url

Products affected by CVE-2006-6170

Proftpd Project » Proftpd
Versions up to, including, (<=) 1.3.0a
cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-6170

Exploit prediction scoring system (EPSS) score for CVE-2006-6170

CVSS scores for CVE-2006-6170

References for CVE-2006-6170

Products affected by CVE-2006-6170