CVE-2006-6563 : Stack-based buffer overflow in the pr_ctrls_recv

Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.

Published 2006-12-15 11:28:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2006-6563

Proftpd Project » Proftpd » Version: 1.3.0
cpe:2.3:a:proftpd_project:proftpd:1.3.0:*:*:*:*:*:*:*
Matching versions
Proftpd Project » Proftpd » Version: 1.3.0a
cpe:2.3:a:proftpd_project:proftpd:1.3.0a:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-6563

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 35 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-6563

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.6	MEDIUM	AV:L/AC:M/Au:S/C:C/I:C/A:C	2.7	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2006-6563

https://www.exploit-db.com/exploits/3330

ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (1) - Linux local Exploit
http://www.trustix.org/errata/2006/0074/

Trustix | Empowering Trust and Security in the Digital Age

CVEs referencing this url
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.039.html
http://www.securityfocus.com/archive/1/460648/100/0/threaded
http://secunia.com/advisories/23371

About Secunia Research | Flexera
Exploit;Patch;Vendor Advisory
http://www.coresecurity.com/?module=ContentMod&action=item&id=1594

Core Security | Cyber Threat Prevention & Identity Governance
Exploit;Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/30906

IBM X-Force Exchange
http://www.securityfocus.com/archive/1/460756/100/0/threaded
http://secunia.com/advisories/24163

About Secunia Research | Flexera
http://www.securityfocus.com/bid/21587

Exploit;Patch
http://security.gentoo.org/glsa/glsa-200702-02.xml

ProFTPD: Local privilege escalation (GLSA 200702-02) — Gentoo security
http://www.proftpd.org/docs/NEWS-1.3.1rc1

404 Not Found
http://www.securityfocus.com/archive/1/454320/100/0/threaded
http://secunia.com/advisories/23392

About Secunia Research | Flexera
http://www.mandriva.com/security/advisories?name=MDKSA-2006:232

Mandriva
http://secunia.com/advisories/23473

About Secunia Research | Flexera
http://www.vupen.com/english/advisories/2006/4998

Site en construction

Jump to

Vulnerability Details : CVE-2006-6563

Products affected by CVE-2006-6563

Exploit prediction scoring system (EPSS) score for CVE-2006-6563

CVSS scores for CVE-2006-6563

References for CVE-2006-6563