CVE-2006-6171

Name of the Vulnerable Software and Affected Versions: ProFTPD versions 1.3.0a and earlier

Description: The issue is related to the improper setting of the buffer size limit when CommandBufferSize is specified in the configuration file, potentially leading to an off-by-two buffer underflow. However, the ProFTPD developers dispute this issue, stating that the relevant memory location is overwritten by assignment before further use within the affected function. Multiple vulnerabilities in the proftpd-common package of the Debian GNU/Linux operating system may lead to a violation of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations: For ProFTPD versions 1.3.0a and earlier, consider reviewing the configuration file to ensure proper buffer size limits are set, although the developers claim this is not a vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.