| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.6 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in ProFTPD 1.3.0a. Impacted is the function tls_x509_name_oneline of the component mod_tls. The manipulation leads to memory corruption.
This vulnerability is documented as CVE-2006-6170. Additionally, an exploit exists.
It is recommended to replace the affected component with an alternative.
Details
A vulnerability, which was classified as critical, has been found in ProFTPD 1.3.0a (File Transfer Software). This issue affects the function tls_x509_name_oneline of the component mod_tls. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
The bug was discovered 11/28/2006. The weakness was released 11/28/2006 by Evgeny Legerov (Website). It is possible to read the advisory at lists.grok.org.uk. The identification of this vulnerability is CVE-2006-6170 since 11/30/2006. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details as well as a exploit are known.
The exploit is available at lists.grok.org.uk. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 23757 (Debian DSA-1222-2 : proftpd - several vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 27284 (ProFTPD MOD_TLS Remote Buffer Overflow Vulnerability).
Applying a patch is able to eliminate this problem. The bugfix is ready for download at proftpd.org. The problem might be mitigated by replacing the product with as an alternative. The best possible mitigation is suggested to be establishing an alternative product.
The vulnerability is also documented in the databases at X-Force (30554), Tenable (23757), SecurityFocus (BID 21326†), OSVDB (30719†) and Secunia (SA23141†). Entries connected to this vulnerability are available at VDB-2705 and VDB-33495. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.6
VulDB Base Score: 7.3
VulDB Temp Score: 6.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 23757
Nessus Name: Debian DSA-1222-2 : proftpd - several vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 57683
OpenVAS Name: Debian Security Advisory DSA 1222-1 (proftpd)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: AlternativeStatus: 🔍
0-Day Time: 🔍
Patch: proftpd.org
Timeline
11/10/2006 🔍11/28/2006 🔍
11/28/2006 🔍
11/28/2006 🔍
11/28/2006 🔍
11/29/2006 🔍
11/30/2006 🔍
11/30/2006 🔍
11/30/2006 🔍
12/04/2006 🔍
12/10/2006 🔍
06/15/2025 🔍
Sources
Advisory: lists.grok.org.ukResearcher: Evgeny Legerov
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2006-6170 (🔍)
GCVE (CVE): GCVE-0-2006-6170
GCVE (VulDB): GCVE-100-2711
X-Force: 30554 - ProFTPD mod_tls module tls_x509_name_oneline() buffer overflow, High Risk
SecurityFocus: 21326 - ProFTPD MOD_TLS Remote Buffer Overflow Vulnerability
Secunia: 23141 - ProFTPD mod_tls Buffer Overflow Vulnerability, Moderately Critical
OSVDB: 30719 - mod_tls Module for ProFTPD tls_x509_name_oneline Function Remote Overflow
Vulnerability Center: 13232 - ProFTPD 1.3.0a and Earlier Buffer Overflow Allows Remote Code Execution, Critical
Vupen: ADV-2006-4745
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 11/29/2006 15:08Updated: 06/15/2025 14:55
Changes: 11/29/2006 15:08 (93), 07/11/2019 14:58 (1), 06/15/2025 14:55 (20)
Complete: 🔍
Cache ID: 216:60F:103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.