Vulnerability Description
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
CVSS Score
10.0 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proftpd Project | Proftpd | <= 1.3.0 |
Related Weaknesses (CWE)
References
- http://bugs.proftpd.org/show_bug.cgi?id=2858
- http://gleg.net/vulndisco_meta.shtml
- http://secunia.com/advisories/22803 (Vendor Advisory)
- http://secunia.com/advisories/22821 (Vendor Advisory)
- http://secunia.com/advisories/23000 (Vendor Advisory)
- http://secunia.com/advisories/23069 (Vendor Advisory)
- http://secunia.com/advisories/23125 (Vendor Advisory)
- http://secunia.com/advisories/23174 (Vendor Advisory)
- http://secunia.com/advisories/23179 (Vendor Advisory)
- http://secunia.com/advisories/23184 (Vendor Advisory)
- http://secunia.com/advisories/23207 (Vendor Advisory)
- http://securitytracker.com/id?1017167
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware
- http://www.debian.org/security/2006/dsa-1222
- http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml
FAQ
What is CVE-2006-5815?
CVE-2006-5815 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstra...
How severe is CVE-2006-5815?
CVE-2006-5815 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-5815?
Check the references section above for vendor advisories and patch information. Affected products include: Proftpd Project Proftpd.