CVE-2006-6576 Information

Description

Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634.

Reference

http://retrogod.altervista.org/golden_heap.html http://secunia.com/advisories/23323 http://www.exploit-db.com/exploits/16036 http://www.securityfocus.com/bid/45924 http://www.securityfocus.com/bid/45957 http://www.vupen.com/english/advisories/2006/4936