CVE-2006-1253

Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/19221	Patch Vendor Advisory
http://www.glftpd.com/files/docs/changelog	URL Repurposed
http://www.securityfocus.com/bid/17118

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:glftpd:glftpd:1.18:::::::*
	cpe:2.3:a:glftpd:glftpd:1.19:::::::*
	cpe:2.3:a:glftpd:glftpd:1.20:::::::*
	cpe:2.3:a:glftpd:glftpd:1.21:::::::*
	cpe:2.3:a:glftpd:glftpd:1.22:::::::*
	cpe:2.3:a:glftpd:glftpd:1.23:::::::*
	cpe:2.3:a:glftpd:glftpd:1.24:::::::*
	cpe:2.3:a:glftpd:glftpd:1.25:::::::*
	cpe:2.3:a:glftpd:glftpd:1.26:::::::*
	cpe:2.3:a:glftpd:glftpd:1.27:::::::*
	cpe:2.3:a:glftpd:glftpd:1.28:::::::*
	cpe:2.3:a:glftpd:glftpd:1.29:::::::*
	cpe:2.3:a:glftpd:glftpd:1.29.1:::::::*
	cpe:2.3:a:glftpd:glftpd:1.30:::::::*
	cpe:2.3:a:glftpd:glftpd:1.31:::::::*
	cpe:2.3:a:glftpd:glftpd:1.32:::::::*
	cpe:2.3:a:glftpd:glftpd:2.0:::::::*
	cpe:2.3:a:glftpd:glftpd:2.0_rc1:::::::*
	cpe:2.3:a:glftpd:glftpd:2.0_rc2:::::::*
	cpe:2.3:a:glftpd:glftpd:2.0_rc3:::::::*
	cpe:2.3:a:glftpd:glftpd:2.0_rc4:::::::*
	cpe:2.3:a:glftpd:glftpd:2.0_rc5:::::::*
	cpe:2.3:a:glftpd:glftpd:2.0_rc6:::::::*
	cpe:2.3:a:glftpd:glftpd:2.0_rc7:::::::*
	cpe:2.3:a:glftpd:glftpd:2.01_rc1:::::::*
	cpe:2.3:a:glftpd:glftpd:2.01_rc2:::::::*
	cpe:2.3:a:glftpd:glftpd:2.01_rc3:::::::*
	cpe:2.3:a:glftpd:glftpd:2.01_rc4:::::::*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~() http://www.glftpd.com/files/docs/changelog -~~	() http://www.glftpd.com/files/docs/changelog - URL Repurposed

Information

Published : 2006-03-19 01:02

Updated : 2024-02-14 01:17

NVD link : CVE-2006-1253

Mitre link : CVE-2006-1253

CVE.ORG link : CVE-2006-1253

JSON object : View

Products Affected

glftpd

glftpd

CWE

NVD-CWE-Other

{"id": "CVE-2006-1253", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-03-19T01:02:00.000", "references": [{"url": "http://secunia.com/advisories/19221", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.glftpd.com/files/docs/changelog", "tags": ["URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17118", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:glftpd:glftpd:1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E50A926-D68F-4B1E-A009-0808611885B7"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EC24C84-A059-4F09-AE7D-1F077AE8F291"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B8C2E9C-2305-4DAD-8406-D5BFAFBBEEC3"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93D1CB71-B47D-4683-8174-328676D31DC1"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91C1CCAA-543B-45EA-ABA1-768CEC9B7B84"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE1E9A9B-BD3E-4D6B-87F5-1A84ACE32115"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81FD5F55-1937-4063-B534-B04AD0C4DE18"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E99FE53F-F64C-486C-B36F-A987A00F0BFA"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "648069B8-DCAD-4E41-8721-64ED93CF5D4F"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BC92E29-F4C6-4529-B691-1B3C9621BECB"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA83D5D1-47A5-4173-9C03-3BBECB446CDD"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B349E5EE-7190-4CC3-9015-10380DBC281F"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.29.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6AE9464-A3D2-4CAE-90F2-E241FEE8D75F"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AB9FE1C-742B-4EE5-93E1-FF74AF070E0D"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2CA4FD5-451F-4657-B494-F48DA6D933E7"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:1.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C626C28-742B-4F6D-94E0-56B445260522"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5F0131D-0E50-433A-ABEB-3B0062BFDC9F"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11FFFE55-070E-45B1-889D-0F81EAA1E213"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2931F258-AECE-4181-905A-D8801E12721B"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28D773FC-D4D3-495D-BDE0-155B896D1B7B"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0D405B1-8AF9-46A5-AFB0-628F067D8D73"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAED5165-E96B-45BD-9C93-A365C6569E13"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8215195F-1FE1-4F3C-A067-E69F177E58B7"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B05E032C-B32F-4AD6-B226-9E49CCD5D44F"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:2.01_rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17585572-DF7D-44A6-87EE-2FE7760AEBE1"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:2.01_rc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC5604AF-E077-4195-BF64-1855638C923F"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:2.01_rc3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43D93E21-AC66-4D9C-9154-4698272F8268"}, {"criteria": "cpe:2.3:a:glftpd:glftpd:2.01_rc4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D17CAEF-2E71-4D51-8A92-500A3B147242"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}