Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (File Transfer/Sharing)  >   ProFTPD Vendors:   ProFTPd
ProFTPD sreplace() Off-by-one Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017167
SecurityTracker URL:
CVE Reference:   CVE-2006-5815   (Links to External Site)
Updated:  Nov 28 2006
Original Entry Date:  Nov 7 2006
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 1.3.0 and prior versions
Description:   A vulnerability was reported in ProFTPD. A remote authenticated user can execute arbitrary code on the target system.

A remote authenticated user can send specially crafted data to execute arbitrary code on the target system. The code will run with the privileges of the target service (typically root privileges).

The vulnerability resides in the sreplace() function in 'src/support.c'.

A demonstration exploit (as part of the commercial VulnDisco Pack for Metasploit) is available from GLEG Ltd.

This vulnerability was reported by Evgeny Legerov.

Impact:   A remote authenticated user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fixed version (1.3.0a), available at:

Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

Subject:  [Full-disclosure] VulnDisco Pack for Metasploit is available

Hi All,

I am glad to announce that free version of VulnDisco Pack for Metasploit
Framework 2.7 is available for download.

This release includes the following 0day exploits: - [0day] Query info from LDAP server - [0day] Omni-NFS Enterprise remote exploit - [0day] OpenLDAP DoS

You can download it here:

For more info about VulnDisco Pack for Metasploit please visit:

Best regards,
Evgeny Legerov

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC