CVE-2006-6171 - Vulnerability Details - OpenCVE

ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Proftpd Project	Proftpd

Configuration 1 [-]

cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date
http://secunia.com/advisories/23174
http://secunia.com/advisories/23179
http://secunia.com/advisories/23184
http://secunia.com/advisories/23207
http://secunia.com/advisories/23329
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491
http://www.debian.org/security/2006/dsa-1218
http://www.debian.org/security/2006/dsa-1222
http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html
http://www.trustix.org/errata/2006/0070
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-30T15:00:00

Updated: 2024-08-07T20:19:34.625Z

Reserved: 2006-11-30T00:00:00

Link: CVE-2006-6171

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-11-30T15:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-6171

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-12-04T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-1222", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1222"}, {"tags": ["x_refsource_MISC"], "url": "http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date"}, {"name": "DSA-1218", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1218"}, {"name": "23207", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23207"}, {"name": "SSA:2006-335-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491"}, {"name": "23174", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23174"}, {"name": "MDKSA-2006:217-1", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"}, {"name": "2006-0070", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2006/0070"}, {"name": "23329", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23329"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"}, {"name": "23184", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23184"}, {"name": "23179", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23179"}, {"name": "GLSA-200611-26", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"}, {"name": "OpenPKG-SA-2006.035", "tags": ["vendor-advisory", "x_refsource_OPENPKG"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6171", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-1222", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1222"}, {"name": "http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date", "refsource": "MISC", "url": "http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date"}, {"name": "DSA-1218", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1218"}, {"name": "23207", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23207"}, {"name": "SSA:2006-335-02", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491"}, {"name": "23174", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23174"}, {"name": "MDKSA-2006:217-1", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"}, {"name": "2006-0070", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2006/0070"}, {"name": "23329", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23329"}, {"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"}, {"name": "23184", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23184"}, {"name": "23179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23179"}, {"name": "GLSA-200611-26", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"}, {"name": "OpenPKG-SA-2006.035", "refsource": "OPENPKG", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:34.625Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-1222", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1222"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date"}, {"name": "DSA-1218", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1218"}, {"name": "23207", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23207"}, {"name": "SSA:2006-335-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491"}, {"name": "23174", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23174"}, {"name": "MDKSA-2006:217-1", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"}, {"name": "2006-0070", "tags": ["vendor-advisory", "x_refsource_TRUSTIX", "x_transferred"], "url": "http://www.trustix.org/errata/2006/0070"}, {"name": "23329", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23329"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"}, {"name": "23184", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23184"}, {"name": "23179", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23179"}, {"name": "GLSA-200611-26", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"}, {"name": "OpenPKG-SA-2006.035", "tags": ["vendor-advisory", "x_refsource_OPENPKG", "x_transferred"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6171", "datePublished": "2006-11-30T15:00:00", "dateReserved": "2006-11-30T00:00:00", "dateUpdated": "2024-08-07T20:19:34.625Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "743C1E0F-3365-49C0-99A3-628586B77FCC", "versionEndIncluding": "1.3.0a", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability"}, {"lang": "es", "value": "** IMPUGNADO ** ProFTPD 1.3.0a y versiones anteriores no asigna apropiadamente el l\u00edmite del b\u00fafer cuando se especifica CommandBufferSize en el fichero de configuraci\u00f3n, lo que conduce a un desbordamiento inferior de b\u00fafer por superaci\u00f3n de l\u00edmite (off-by-twho).\r\nNOTA: En Noviembre de 2006, el rol de CommandBufferSize fue originalmente asociado con CVE-2006-5815, lo cual fue erroneo debido a un vago descubrimiento inicial.\r\nNOTA: Los desarrolladores de ProFTPD impugnaron esta vulnerabilidad, diciendo que la ubicaci\u00f3n de memoria es sobre-escrita por asignaci\u00f3n antes de ser usada con la funci\u00f3n afectada, as\u00ed que no es una vulnerabilidad."}], "id": "CVE-2006-6171", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-30T15:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23174"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23179"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23184"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23207"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23329"}, {"source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1218"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1222"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"}, {"source": "cve@mitre.org", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html"}, {"source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2006/0070"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23179"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23184"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23329"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1218"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2006/0070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}