SecurityLex.Org

Your search for "CVE-2006-5815" returned:
CVE Entries: CVE-2006-6170
Name: CVE-2006-6170
CVE References: cve.mitre.org, nvd.nist.gov
SANS/FBI TOP20 Reference:
Risk: High
CVSS Base Score: 7.5 (ver.2.0 upgrade from v1.0)
Access Vector: Network
Access Complexity: Low
Authentication: Not required
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
Impact Bias: N/A
Security vendors coverage:

SecureScout Testcase: 17187 

Nessus Plugin ID: 23757  23762  23952  24602  24660 

Dragonsoft Vuln ID: 2856 
Description: Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
Vulnerability Type: Input validation error: buffer overflow
Vulnerable Versions:

Product: ProFTPD
Vendor: ProFTPD Project

Versions:
1.3.0a    Previous versions are also affected.
References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/452228/100/100/threaded

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/452872/100/0/threaded

FULLDISC: http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050935.html

http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820

FRSIRT: http://www.frsirt.com/english/advisories/2006/4745

SECUNIA: http://secunia.com/advisories/23141

DEBIAN: http://www.debian.org/security/2006/dsa-1222

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/452993/100/100/threaded

GENTOO: http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml

MANDRIVA: http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1

SLACKWARE: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491

BID: http://www.securityfocus.com/bid/21326

SECUNIA: http://secunia.com/advisories/23174

SECUNIA: http://secunia.com/advisories/23179

SECUNIA: http://secunia.com/advisories/23184

SECUNIA: http://secunia.com/advisories/23207

XF: http://xforce.iss.net/xforce/xfdb/30554

TRUSTIX: http://www.trustix.org/errata/2006/0066

Created: 2006-11-30 00:00:00
Last Changed: 2006-11-30 00:00:00

CVE Entries: CVE-2006-6171
Name: CVE-2006-6171
CVE References: cve.mitre.org, nvd.nist.gov
SANS/FBI TOP20 Reference:
Risk: High
CVSS Base Score: 7.5 (ver.2.0)
Access Vector: Network
Access Complexity: Low
Authentication: Not required
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
Impact Bias: N/A
Security vendors coverage:

SecureScout Testcase: 17061 

Nessus Plugin ID: 23757  23762  23704  24602  24660 

Dragonsoft Vuln ID: 2859 
Description: ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
Vulnerability Type: Input validation error: buffer overflow
Vulnerable Versions:

Product: ProFTPD
Vendor: ProFTPD Project

Versions:
1.3.0a    Previous versions are also affected.
References:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820

http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date

DEBIAN: http://www.debian.org/security/2006/dsa-1218

DEBIAN: http://www.debian.org/security/2006/dsa-1222

GENTOO: http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml

MANDRIVA: http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1

SLACKWARE: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491

SECUNIA: http://secunia.com/advisories/23174

SECUNIA: http://secunia.com/advisories/23179

SECUNIA: http://secunia.com/advisories/23184

SECUNIA: http://secunia.com/advisories/23207

TRUSTIX: http://www.trustix.org/errata/2006/0070

SECUNIA: http://secunia.com/advisories/23329

OPENPKG: http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html

Created: 2006-11-30 00:00:00
Last Changed: 2006-12-11 00:00:00