Vulnerability Name:

CVE-2006-6563 (CCN-30906)

Assigned:2006-12-13
Published:2006-12-13
Updated:2018-10-17
Summary:Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
This vulnerability is addressed in the following product update:
ProFTPD Project, ProFTPD, 1.3.1rc1
CVSS v3 Severity:8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.6 Medium (CVSS v2 Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C)
4.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2006-6563

Source: CCN
Type: SA23371
ProFTPD "mod_ctrls" Privilege Escalation Vulnerability

Source: SECUNIA
Type: Exploit, Patch, Vendor Advisory
23371

Source: SECUNIA
Type: UNKNOWN
23392

Source: SECUNIA
Type: UNKNOWN
23473

Source: SECUNIA
Type: UNKNOWN
24163

Source: GENTOO
Type: UNKNOWN
GLSA-200702-02

Source: MISC
Type: Exploit, Patch
http://www.coresecurity.com/?module=ContentMod&action=item&id=1594

Source: CCN
Type: CORE-2006-1127
ProFTPD Controls Buffer Overflow

Source: CCN
Type: GLSA-200702-02
ProFTPD: Local privilege escalation

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:232

Source: CCN
Type: OpenPKG-SA-2006.039
ProFTPD

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2006.039

Source: CCN
Type: OSVDB ID: 31509
ProFTPD mod_ctrls Module pr_ctrls_recv_request Function Local Overflow

Source: CCN
Type: ProFTPD Web site
The ProFTPD Project: Home

Source: CONFIRM
Type: UNKNOWN
http://www.proftpd.org/docs/NEWS-1.3.1rc1

Source: BUGTRAQ
Type: UNKNOWN
20061213 CORE-2006-1127: ProFTPD Controls Buffer Overflow

Source: BUGTRAQ
Type: UNKNOWN
20070219 ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit

Source: BUGTRAQ
Type: UNKNOWN
20070221 Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit

Source: BID
Type: Exploit, Patch
21587

Source: CCN
Type: BID-21587
ProFTPD Controls Module Local Buffer Overflow Vulnerability

Source: TRUSTIX
Type: UNKNOWN
2006-0074

Source: VUPEN
Type: UNKNOWN
ADV-2006-4998

Source: XF
Type: UNKNOWN
proftpd-controls-bo(30906)

Source: XF
Type: UNKNOWN
proftpd-controls-bo(30906)

Source: EXPLOIT-DB
Type: UNKNOWN
3330

Vulnerable Configuration:Configuration 1:
  • cpe:/a:proftpd_project:proftpd:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.3.0a:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:proftpd:proftpd:1.3.0:a:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    proftpd_project proftpd 1.3.0
    proftpd_project proftpd 1.3.0a
    proftpd proftpd 1.3.0 a
    proftpd proftpd 1.3.0
    openpkg openpkg current
    gentoo linux *
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007