Current time: 12-23-2024, 08:26 AM Hello There, Guest! (LoginRegister)


Post Reply 
proftpd-dfsg packages fix SQL injection vulnerabilites
Author Message
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #1
proftpd-dfsg packages fix SQL injection vulnerabilites
Just for Info!
--
Quote:Debian Security Advisory DSA 1727-1

Two SQL injection vulnerabilities have been found in proftpd, a
virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-0542

Shino discovered that proftpd is prone to an SQL injection
vulnerability via the use of certain characters in the username.

CVE-2009-0543

TJ Saunders discovered that proftpd is prone to an SQL injection
vulnerability due to insufficient escaping mechanisms, when
multybite character encodings are used.

For the stable distribution (lenny), these problems have been fixed in
version 1.3.1-17lenny1.

For the oldstable distribution (etch), these problems will be fixed
soon.

So please update your Debian System!

Greez BeNe
02-26-2009 07:16 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)