CVE-2006-6767 - Reachable Assertion vulnerability in Time-Travellers Oftpd
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |
Summary
oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Oftpd 0.3.7 Unsupported Address Family Remote Denial of Service Vulnerability. CVE-2006-6767. Dos exploit for linux platform |
id | EDB-ID:29470 |
last seen | 2016-02-03 |
modified | 2007-01-15 |
published | 2007-01-15 |
reporter | anonymous |
source | https://www.exploit-db.com/download/29470/ |
title | Oftpd 0.3.7 Unsupported Address Family Remote Denial of Service Vulnerability |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200701-09.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200701-09 (oftpd: Denial of Service) By specifying an unsupported address family in the arguments to a LPRT or LPASV command, an assertion in oftpd will cause the daemon to abort. Impact : Remote, unauthenticated attackers may be able to terminate any oftpd process, denying service to legitimate users. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24207 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24207 |
title | GLSA-200701-09 : oftpd: Denial of Service |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 22073 CVE(CAN) ID: CVE-2006-6767 oftpd is an FTP server program. oftpd has a denial-of-service vulnerability in its handling of malformed LPSV and LPRT command arguments, which a remote attacker may exploit to crash the process. If the argument data of these commands contains an unsupported address family, an assertion failure is triggered and oftpd terminates. oftpd oftpd 0.3.7 Vendor patch: Gentoo ------ Gentoo has released a security advisory (GLSA 200701-09) and a corresponding patch for this issue: GLSA 200701-09: oftpd: Denial of Service Link: http://www.gentoo.org/security/en/glsa/glsa-200701-09.xml All oftpd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/oftpd-0.3.7-r3" |
id | SSV:1224 |
last seen | 2017-11-19 |
modified | 2007-01-17 |
published | 2007-01-17 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-1224 |
title | oftpd LPSV and LPRT Command Denial of Service Vulnerability |
References
- http://www.gentoo.org/security/en/glsa/glsa-200701-09.xml
- http://www.securityfocus.com/bid/22073
- http://secunia.com/advisories/23790
- http://secunia.com/advisories/23797
- http://securitytracker.com/id?1017517
- http://osvdb.org/32822
- http://www.vupen.com/english/advisories/2007/0198
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31520