Home
Corporate Website
Jobs
Updated
Mailing Lists
RSS
Blog
Online Shop
Advertise
Software Inspectors
Scan Online
Personal (PSI)
Network (NSI 2.0)
Solutions For
Security Professionals
Security Vendors
Free Solutions For
Open Communities
Journalists & Media
Secunia Advisories
Search
Historic Advisories
Listed By Product
Listed By Vendor
Statistics / Graphs
Secunia Research
Report Vulnerability
About Advisories
Virus Information
Chronological List
Last 10 Virus Alerts
About Virus Information
Secunia Customers
Customer Area
ProFTPD mod_sql SQL Injection
Secunia Advisory:
SA9078
Release Date:
2003-06-19
Last Update:
2004-12-22
Critical:
Moderately critical
Impact:
Manipulation of data
Where:
From remote
Solution Status:
Vendor Patch
Software:
ProFTPD 1.2.x
Want to know the next time vulnerabilities are fixed in this product?
-
Companies can be alerted via email and SMS!
Description
:
A vulnerability has been reported in ProFTPD, which can be exploited by malicious people to inject arbitrary SQL code.
The problem is that the user credentials aren't sanitised properly before being used in a SQL query.
This only affects ProFTPD when configured with mod_sql.
A proof of conecpt exploit has been released.
This has been confirmed on a combination of:
- mod_sql v.4.0
- postgresql 7.2.1-2
- proftpd 1.2.8
Solution
:
Update to version 1.2.9rc1 or later.
Provided and/or discovered by
:
runlevel / -=RareGaZz=-
Changelog
:
2004-12-22: Updated "Solution" section.
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
8 Related Secunia Security Advisories
1.
ProFTPD Auth API Multiple Authentication Modules Security Issue
2.
ProFTPD "mod_ctrls" Privilege Escalation Vulnerability
3.
ProFTPD mod_tls Buffer Overflow Vulnerability
4.
ProFTPD Two Format String Vulnerabilities
5.
ProFTPD User Enumeration Weakness
6.
ProFTPD CIDR Addressing ACL and "site chgrp" Security Issues
7.
ProFTPD ASCII File Translation Off-By-One Vulnerability
8.
ProFTPD ASCII Mode File Transfer Buffer Overflow Vulnerability
Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our
web form
or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
Secunia PSI
Scan | Patch | Track
Free Download
Secunia Poll
Do you think it's important to read Setup/User Guides for applications for use within your network?
Yes, I do it all the time
Yes, but I do it rarely
No
See Results
Most Popular Advisories
1.
Microsoft Windows DNS Spoofing Vulnerabilities
2.
Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
3.
Microsoft Windows Explorer Saved Search Vulnerability
4.
Joomla Unauthorized Access Vulnerabilities
5.
Microsoft SQL Server and MSDE Multiple Vulnerabilities
6.
Microsoft Outlook Web Access Script Insertion Vulnerabilities
7.
Mozilla Firefox Multiple Vulnerabilities
8.
Symantec Brightmail AntiSpam Notifier Denial of Service
9.
ArticleBeach Script "page" File Inclusion Vulnerability
10.
PHP-Nuke 4ndvddb Module "id" SQL Injection Vulnerability
Vulnerability Management
-
Terms & Conditions
-
Copyright 2002-2008 Secunia
-
Compliance
-
Contact Secunia
