proftpd-dfsg packages fix SQL injection vulnerabilites

proftpd-dfsg packages fix SQL injection vulnerabilites - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: Small Talk (/forum-20.html)
+--- Thread: proftpd-dfsg packages fix SQL injection vulnerabilites (/thread-5824.html)

proftpd-dfsg packages fix SQL injection vulnerabilites - BeNe - 02-26-2009 07:16 PM

Just for Info!
--

Quote:Debian Security Advisory DSA 1727-1

Two SQL injection vulnerabilities have been found in proftpd, a
virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-0542

Shino discovered that proftpd is prone to an SQL injection
vulnerability via the use of certain characters in the username.

CVE-2009-0543

TJ Saunders discovered that proftpd is prone to an SQL injection
vulnerability due to insufficient escaping mechanisms, when
multybite character encodings are used.

For the stable distribution (lenny), these problems have been fixed in
version 1.3.1-17lenny1.

For the oldstable distribution (etch), these problems will be fixed
soon.

So please update your Debian System!

Greez BeNe