Vulnerabilities > CVE-2006-6576 - Out-Of-Bounds Write vulnerability in Goldenftpserver Golden FTP Server 1.92
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description GoldenFTP PASS Stack Buffer Overflow. CVE-2006-6576. Remote exploit for windows platform id EDB-ID:17355 last seen 2016-02-02 modified 2011-06-02 published 2011-06-02 reporter metasploit source https://www.exploit-db.com/download/17355/ title Golden FTP 4.70 - PASS Stack Buffer Overflow description Golden FTP Server 4.70 - PASS Command Buffer Overflow Exploit. CVE-2006-6576. Remote exploit for windows platform file exploits/windows/remote/16036.rb id EDB-ID:16036 last seen 2016-02-01 modified 2011-01-23 platform windows port published 2011-01-23 reporter cd1zz and iglesiasgg source https://www.exploit-db.com/download/16036/ title Golden FTP Server 4.70 - PASS Command Buffer Overflow Exploit type remote
Metasploit
| description | This module exploits a vulnerability in the Golden FTP service, using the PASS command to cause a buffer overflow. Please note that in order trigger the vulnerable code, the victim machine must have the "Show new connections" setting enabled. By default, this option is unchecked. |
| id | MSF:EXPLOIT/WINDOWS/FTP/GOLDENFTP_PASS_BOF |
| last seen | 2020-05-26 |
| modified | 2017-07-24 |
| published | 2011-06-02 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6576 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ftp/goldenftp_pass_bof.rb |
| title | GoldenFTP PASS Stack Buffer Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/101952/goldenftp_pass_bof.rb.txt |
| id | PACKETSTORM:101952 |
| last seen | 2016-12-05 |
| published | 2011-06-03 |
| reporter | bannedit |
| source | https://packetstormsecurity.com/files/101952/GoldenFTP-PASS-Stack-Buffer-Overflow.html |
| title | GoldenFTP PASS Stack Buffer Overflow |
References
- http://packetstormsecurity.com/files/161711/Golden-FTP-Server-4.70-Buffer-Overflow.html
- http://retrogod.altervista.org/golden_heap.html
- http://secunia.com/advisories/23323
- http://www.exploit-db.com/exploits/16036
- http://www.securityfocus.com/bid/45924
- http://www.securityfocus.com/bid/45957
- http://www.vupen.com/english/advisories/2006/4936