Unrated severity · NVD Advisory · Published Nov 30, 2006 · Updated Apr 23, 2026
CVE-2006-6171
Description
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
Affected products (1)
Patches (0)
No patches discovered yet.
References (14)
- proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c (nvd, Vendor Advisory)
- bugzilla.redhat.com/bugzilla/show_bug.cgi (nvd, Vendor Advisory)
- secunia.com/advisories/23174 (nvd)
- secunia.com/advisories/23179 (nvd)
- secunia.com/advisories/23184 (nvd)
- secunia.com/advisories/23207 (nvd)
- secunia.com/advisories/23329 (nvd)
- slackware.com/security/viewer.php (nvd)
- www.debian.org/security/2006/dsa-1218 (nvd)
- www.debian.org/security/2006/dsa-1222 (nvd)
- www.gentoo.org/security/en/glsa/glsa-200611-26.xml (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html (nvd)
- www.trustix.org/errata/2006/0070 (nvd)