Project InfoSponsor & PartnerInstalling ispCPFAQDocumentationDevelopment
Current time: 11-16-2024, 03:51 PM Hello There, Guest! (LoginRegister)

ispCP - Board - Support / ispCP Omega Development Area / Small Talk v / proftpd-dfsg packages fix SQL injection vulnerabilites

Post Reply 
proftpd-dfsg packages fix SQL injection vulnerabilites
Author Message
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #1
proftpd-dfsg packages fix SQL injection vulnerabilites
Just for Info!
--
Quote:Debian Security Advisory DSA 1727-1

Two SQL injection vulnerabilities have been found in proftpd, a
virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-0542

Shino discovered that proftpd is prone to an SQL injection
vulnerability via the use of certain characters in the username.

CVE-2009-0543

TJ Saunders discovered that proftpd is prone to an SQL injection
vulnerability due to insufficient escaping mechanisms, when
multybite character encodings are used.

For the stable distribution (lenny), these problems have been fixed in
version 1.3.1-17lenny1.

For the oldstable distribution (etch), these problems will be fixed
soon.

So please update your Debian System!

Greez BeNe
02-26-2009 07:16 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | isp Control Panel ( ispCP ) | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication