CVE - CVE-2006-6171

CVE-ID
CVE-2006-6171	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
DISPUTED ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820 DEBIAN:DSA-1218 URL:http://www.debian.org/security/2006/dsa-1218 DEBIAN:DSA-1222 URL:http://www.debian.org/security/2006/dsa-1222 GENTOO:GLSA-200611-26 URL:http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml MANDRIVA:MDKSA-2006:217-1 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1~~ (Obsolete source) MISC:http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date OPENPKG:OpenPKG-SA-2006.035 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html SECUNIA:23174 URL:http://secunia.com/advisories/23174 SECUNIA:23179 URL:http://secunia.com/advisories/23179 SECUNIA:23184 URL:http://secunia.com/advisories/23184 SECUNIA:23207 URL:http://secunia.com/advisories/23207 SECUNIA:23329 URL:http://secunia.com/advisories/23329 SLACKWARE:SSA:2006-335-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491 TRUSTIX:2006-0070 URL:~~http://www.trustix.org/errata/2006/0070~~ (Obsolete source - check if archived by the Wayback Machine)
Assigning CNA
MITRE Corporation
Date Record Created
20061130	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061130)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)