Lucene search
K

1565 matches found

seebug.org
seebug.org
added 2006/12/22 12:0 a.m.18 views

ProFTPD Controls模块本地缓冲区溢出漏洞

ProFTPD是一款流行的FTP服务程序。 ProFTPD Controls模块存在缓冲区溢出问题,本地攻击者可以利用漏洞提升特权获得ROOT权限。 问题存在于"Controls"模块中,这个是ProFTPD服务器的选项功能,必须在配置文件中激活。Controls是用于与独立运行的ProFTPD守护程序通信的模块。提供管理器实时更改守护进程行为而不需要重新启动守护程序的方法。问题代码在src/ctrls.c中的prctrlsrecvrequest函数中: ---------------------------------------------------- Code from...

6.9AI score
Exploits0
OSV
OSV
added 2006/12/15 11:28 a.m.5 views

CVE-2006-6563

Stack-based buffer overflow in the prctrlsrecvrequest function in ctrls.c in the modctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value...

7.7AI score
Exploits0References21
NVD
NVD
added 2006/12/15 11:28 a.m.15 views

CVE-2006-6563

Stack-based buffer overflow in the prctrlsrecvrequest function in ctrls.c in the modctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value...

6.6CVSS7.4AI score0.02298EPSS
Exploits1References17
OSV
OSV
added 2006/12/15 11:28 a.m.1 views

DEBIAN-CVE-2006-6563

Stack-based buffer overflow in the prctrlsrecvrequest function in ctrls.c in the modctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value...

6.6CVSS7.6AI score0.02298EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2006/12/15 11:0 a.m.19 views

CVE-2006-6563

Stack-based buffer overflow in the prctrlsrecvrequest function in ctrls.c in the modctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value...

6.6CVSS7.4AI score0.02298EPSS
Exploits1
Cvelist
Cvelist
added 2006/12/15 11:0 a.m.20 views

CVE-2006-6563

Stack-based buffer overflow in the prctrlsrecvrequest function in ctrls.c in the modctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value...

7.3AI score0.02298EPSS
Exploits1References17
CVE
CVE
added 2006/12/15 11:0 a.m.90 views

CVE-2006-6563

ProFTPD is affected by a local, stack-based buffer overflow in the mod_ctrls component. The vulnerability resides in the pr_ctrls_recv_request function (ctrls.c) of ProFTPD before 1.3.1rc1, where handling of a large reqarglen length value can allow a local attacker to execute arbitrary code. Affe...

6.6CVSS7.3AI score0.02298EPSS
Exploits1References17Affected Software1
seebug.org
seebug.org
added 2006/12/13 12:0 a.m.17 views

ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC

No description provided by source. Core Security Technologies - Corelabs Advisory ProFTPD Controls buffer overflow import socket import os, os.path,stat This works with default proftpd 1.3.0a compiled with gcc 4.1.2 ubuntu edgy ctrlSocket = "/tmp/ctrls.sock" mySocket = "/tmp/notused.sock" canary ...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2006/12/13 12:0 a.m.6 views

ProFTPd 1.3.0a - mod_ctrls support Local Buffer Overflow (PoC)

ProFTPd 1.3.0a - modctrls support Local Buffer Overflow PoC Core Security Technologies - Corelabs Advisory ProFTPD Controls buffer overflow import socket import os, os.path,stat This works with default proftpd 1.3.0a compiled with gcc 4.1.2 ubuntu edgy ctrlSocket = "/tmp/ctrls.sock" mySocket =...

0.9AI score
Exploits0
0day.today
0day.today
added 2006/12/13 12:0 a.m.24 views

ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC

Exploit for linux platform in category dos / poc =============================================================== ProFTPD = 1.3.0a modctrls support Local Buffer Overflow PoC =============================================================== Core Security Technologies - Corelabs Advisory ProFTPD...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2006/12/13 12:0 a.m.39 views

ProFTPd 1.3.0a - &#039;mod_ctrls&#039; &#039;support&#039; Local Buffer Overflow (PoC)

Core Security Technologies - Corelabs Advisory ProFTPD Controls buffer overflow import socket import os, os.path,stat This works with default proftpd 1.3.0a compiled with gcc 4.1.2 ubuntu edgy ctrlSocket = "/tmp/ctrls.sock" mySocket = "/tmp/notused.sock" canary = "\0\0\x0a\xff" trampoline =...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/12/04 12:0 a.m.75 views

Debian DSA-1222-2 : proftpd - several vulnerabilities

Due to technical problems yesterday's proftpd update lacked a build for the amd64 architecture, which is now available. For reference please find below the original advisory text : Several remote vulnerabilities have been discovered in the proftpd FTP daemon, which may lead to the execution of...

10CVSS6.9AI score0.74254EPSS
Exploits5References9
Tenable Nessus
Tenable Nessus
added 2006/12/04 12:0 a.m.33 views

GLSA-200611-26 : ProFTPD: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200611-26 ProFTPD: Remote execution of arbitrary code Evgeny Legerov discovered a stack-based buffer overflow in the sreplace function in support.c, as well as a buffer overflow in in the modtls module. Additionally, an off-by-two...

10CVSS7.2AI score0.74254EPSS
Exploits5References4
Slackware Linux
Slackware Linux
added 2006/12/01 10:56 p.m.27 views

[slackware-security] proftpd

New proftpd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2006-5815 https://vulners.com/cve/CVE-2006-6170...

10CVSS7AI score0.74254EPSS
Exploits5
Debian
Debian
added 2006/12/01 6:11 p.m.21 views

[SECURITY] [DSA 1222-2] New proftpd packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1222-2 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 1st, 2006 http://www.debian.org/security/faq -...

10CVSS7.7AI score0.74254EPSS
Exploits5
Packet Storm
Packet Storm
added 2006/12/01 12:0 a.m.68 views

vd_proftpd.pm.txt

Hi all, Name: ProFTPD remote buffer overflow vulnerability Vendor: http://www.proftpd.org Release date: 27 Nov, 2006 URL: http://www.gleg.net/proftpd.txt CVE: CVE-2006-5815 Author: Evgeny Legerov I. DESCRIPTION A remotely exploitable stack overflow vulnerability has been found in ProFTPD server...

10CVSS0.1AI score0.74254EPSS
Exploits4
Debian
Debian
added 2006/11/30 5:13 p.m.21 views

[SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1222-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 30th, 2006 http://www.debian.org/security/faq -...

10CVSS7.7AI score0.74254EPSS
Exploits5
UbuntuCve
UbuntuCve
added 2006/11/30 3:28 p.m.20 views

CVE-2006-6170

Buffer overflow in the tlsx509nameoneline function in the modtls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815...

7.5CVSS6.6AI score0.17432EPSS
Exploits1References1
NVD
NVD
added 2006/11/30 3:28 p.m.11 views

CVE-2006-6171

ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an...

7.5CVSS6.1AI score0.0959EPSS
Exploits0References14
OSV
OSV
added 2006/11/30 3:28 p.m.1 views

DEBIAN-CVE-2006-6171

ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an...

7.5CVSS6.9AI score0.0959EPSS
Exploits0References1
Rows per page
Query Builder