Vulnerability Details : CVE-2006-5815
Public exploit exists!
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2006-5815
Probability of exploitation activity in the next 30 days: 54.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2006-5815
-
ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)
Disclosure Date: 2006-11-26First seen: 2020-04-26exploit/linux/ftp/proftp_sreplaceThis module exploits a stack-based buffer overflow in versions 1.2 through 1.3.0 of ProFTPD server. The vulnerability is within the "sreplace" function within the "src/support.c" file. The off-by-one heap overflow bug in the ProFTPD sreplace function has been
CVSS scores for CVE-2006-5815
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2006-5815
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-5815
-
http://www.vupen.com/english/advisories/2006/4451
Vendor Advisory
-
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820
214820 – (CVE-2006-5815) CVE-2006-5815: proftpd unspecified vulnerability
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:217
-
http://www.trustix.org/errata/2006/0070
Trustix | Empowering Trust and Security in the Digital Age
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/30147
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1
Advisories - Mandriva Linux
-
http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml
ProFTPD: Remote execution of arbitrary code (GLSA 200611-26) — Gentoo security
-
http://www.debian.org/security/2006/dsa-1222
[SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities
-
http://bugs.proftpd.org/show_bug.cgi?id=2858
Bug 2858 – CVE-2006-5815: remote code execution in ProFTPD
-
http://securitytracker.com/id?1017167
-
http://www.securityfocus.com/bid/20992
ProFTPD SReplace Remote Buffer Overflow Vulnerability
-
http://www.securityfocus.com/archive/1/452760/100/200/threaded
-
http://www.trustix.org/errata/2006/0066/
Trustix | Empowering Trust and Security in the Digital Age
-
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.035-proftpd.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491
Products affected by CVE-2006-5815
- cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*