CVE-2006-6767

oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.

Published: Jan 16, 2007
Updated: Apr 13, 2023
CVE: CVE-2006-6767
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: High
Score: 9.4
AV:N/AC:L/Au:N/C:N/I:C/A:C

CWEs:

CWE-617

Affected Software
References

Software	From	Fixed in
time-travellers / oftpd	-	0.3.7

http://osvdb.org/32822
http://secunia.com/advisories/23790
http://secunia.com/advisories/23797
http://securitytracker.com/id?1017517
http://www.gentoo.org/security/en/glsa/glsa-200701-09.xml
http://www.securityfocus.com/bid/22073
http://www.vupen.com/english/advisories/2007/0198
https://exchange.xforce.ibmcloud.com/vulnerabilities/31520

Vulnerability Database

290,922

CVE-2006-6767