Metric | Value |
---|---|
CVSS2 score | 10 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
EPSS | 0.345 Low |
EPSS Percentile | 96.5% |

Due to technical problems yesterday’s proftpd update lacked a build for
the amd64 architecture, which is now available. For reference please find
below the original advisory text:
>
> Several remote vulnerabilities have been discovered in the proftpd FTP
> daemon, which may lead to the execution of arbitrary code or denial
> of service. The Common Vulnerabilities and Exposures project identifies
> the following problems:
>
> * CVE-2006-5815
> It was discovered that a buffer overflow in the sreplace() function
> may lead to denial of service and possibly the execution of arbitrary
> code.
> * CVE-2006-6170
> It was discovered that a buffer overflow in the mod_tls addon module
> may lead to the execution of arbitrary code.
> * CVE-2006-6171
> It was discovered that insufficient validation of FTP command buffer
> size limits may lead to denial of service. Due to unclear information
> this issue was already fixed in DSA-1218 as CVE-2006-5815.
>

For the stable distribution (sarge) these problems have been fixed in version
1.2.10-15sarge3.

For the unstable distribution (sid) these problems have been fixed in
version 1.3.0-16 of the proftpd-dfsg package.

We recommend that you upgrade your proftpd package.

CPE Name | Operator | Version |
---|---|---|
proftpd | eq | 1.2.10-15 |
proftpd | eq | 1.2.10-15sarge1 |
proftpd | eq | 1.2.10-15sarge1.0.1 |
proftpd | eq | 1.2.10-15sarge2 |