Vulnerability Details : CVE-2006-6767
oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2006-6767
Probability of exploitation activity in the next 30 days: 10.22%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-6767
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.4
|
HIGH | AV:N/AC:L/Au:N/C:N/I:C/A:C |
10.0
|
9.2
|
NIST |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2006-6767
-
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-6767
-
http://www.gentoo.org/security/en/glsa/glsa-200701-09.xml
oftpd: Denial of service (GLSA 200701-09) — Gentoo securityThird Party Advisory
-
http://secunia.com/advisories/23797
About Secunia Research | FlexeraBroken Link
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/31520
oftpd LPSV or LPRT commands denial of service CVE-2006-6767 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://securitytracker.com/id?1017517
GoDaddy Domain Name SearchBroken Link;Third Party Advisory;VDB Entry
-
http://osvdb.org/32822
Broken Link
-
http://secunia.com/advisories/23790
About Secunia Research | FlexeraBroken Link
-
http://www.securityfocus.com/bid/22073
Broken Link;Third Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2007/0198
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link
Products affected by CVE-2006-6767
- cpe:2.3:a:time-travellers:oftpd:*:*:*:*:*:*:*:*