| Name | CVE-2006-6171 |
| Description | ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1218-1 |
| Debian Bugs | 399070 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| proftpd-dfsg (PTS) | bullseye | 1.3.7a+dfsg-12+deb11u2 | fixed |
| bullseye (security) | 1.3.7a+dfsg-12+deb11u5 | fixed | |
| bookworm, bookworm (security) | 1.3.8+dfsg-4+deb12u4 | fixed | |
| trixie | 1.3.8.c+dfsg-4 | fixed | |
| forky, sid | 1.3.9~dfsg-3 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| proftpd | source | sarge | 1.2.10-15sarge2 | DSA-1218-1 | ||
| proftpd-dfsg | source | (unstable) | 1.3.0-13 | low | 399070 |