1565 matches found
CVE-2006-6170
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815...
DEBIAN-CVE-2006-6171
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an...
DEBIAN-CVE-2006-6170
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815...
CVE-2006-6171
ProFTPD 1.3.0a and earlier are affected by three CVEs in the provided docs: CVE-2006-5815 (sreplace function buffer overflow) may cause memory corruption with potential code execution or DoS; CVE-2006-6170 (mod_tls tls_x509_name_oneline overflow) enables remote code execution via a large data len...
CVE-2006-6171
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an...
CVE-2006-6170
ProFTPD 1.3.0a and earlier are affected by buffer overflow vulnerabilities: CVE-2006-6170 (tls_x509_name_oneline in mod_tls) can allow remote code execution via a large data length; CVE-2006-5815 (sreplace) may also enable code execution via a crafted FTP sequence; CVE-2006-6171 relates to comman...
ProFTPD: Remote execution of arbitrary code
Background ProFTPD is a highly-configurable FTP server. Description Evgeny Legerov discovered a stack-based buffer overflow in the sreplace function in support.c, as well as a buffer overflow in the mod_tls module. Additionally, an off-by-two error related to the CommandBufferSize configuration...
DSA-1222-1 proftpd
Bulletin has no description...
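ProFTPD mod_tls Pre-Authentication Remote Buffer Overflow Vulnerability
ProFTPD is an open-source FTP server program. ProFTPD's mod_tls module contains a buffer overflow vulnerability in its handling of user authentication, which a remote attacker may exploit to take full control of the server. A remote overflow exists in the tls_x509_name_oneline function of ProFTPD's mod_tls module, allowing a remote unauthenticated attacker to gain root user privileges. The vulnerable code is as follows: contrib/modtls.c: """ static char tlsx509nameonelineX509NAME x509name static char buf256 = '\0'; / If we are using OpenSSL 0.9.6 or newer,...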
Exploits [0day] ProFTPD 1.3.0 stack overflow
No description provided by source. vdproftpd.pm - Metasploit module for ProFTPD stack overflow Copyright (c) 2006 Evgeny Legerov Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this...
ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)
No description provided by source. vdproftpd.pm - Metasploit module for ProFTPD stack overflow Copyright (c) 2006 Evgeny Legerov Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this...
ProFTPD buffer overflow
Off-by-one vulnerability in sreplace is used for remote root access...
CVE-2006-5815: remote code execution in ProFTPD
======= Summary ======= On 6 November 2006, Evgeny Legerov posted to BUGTRAQ1, announcing his commercial VulnDisco Pack for Metasploit 2.72. One of the included exploits, vdproftpd.pm, takes advantage of an off-by-one string manipulation flaw in ProFTPD's sreplace function to allow...
[Full-disclosure] ProFTPD 1.3.0 remote stack overflow
Hi all, Our ProFTPD advisory is below. Name: ProFTPD remote buffer overflow vulnerability Vendor: http://www.proftpd.org Release date: 27 Nov, 2006 URL: http://www.gleg.net/proftpd.txt CVE: CVE-2006-5815 Author: Evgeny Legerov research at gleg.net I. DESCRIPTION A remotely exploitable stack...
ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)
Exploit for linux platform in category remote exploits ============================================================= ProFTPD 1.3.0 sreplace Remote Stack Overflow Exploit meta ============================================================= vdproftpd.pm - Metasploit module for ProFTPD stack overflow...
ProFTPd 1.3.0 - sreplace Remote Stack Overflow (Metasploit)
ProFTPd 1.3.0 - sreplace Remote Stack Overflow Metasploit vdproftpd.pm - Metasploit module for ProFTPD stack overflow Copyright (c) 2006 Evgeny Legerov Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above...
ProFTPd 1.3.0 - 'sreplace' Remote Stack Overflow (Metasploit)
vdproftpd.pm - Metasploit module for ProFTPD stack overflow Copyright (c) 2006 Evgeny Legerov Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies...