CVE-2006-5815
proftpd
EPSS 74.7%
Description
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
How to fix CVE-2006-5815
To remediate CVE-2006-5815, upgrade the affected package to one of the fixed versions listed below.
- Debian/proftpd: upgrade to 1.2.10-15sarge3 or later
- Debian/proftpd-dfsg: upgrade to 1.3.0-15 or later
Is CVE-2006-5815 being exploited?
Likely — EPSS is 74.7%, placing CVE-2006-5815 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- Debian/proftpd: from 0, < 1.2.10-15sarge3
- Debian/proftpd-dfsg: from 0, < 1.3.0-15