Published: 12/02/2009 Updated: 11/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in ProFTPD Server 1.3.1 up to and including 1.3.2rc2 allows remote malicious users to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.

Vulnerable Product	Search on Vulmon	Subscribe to Product
proftpd project proftpd 1.3.1
proftpd project proftpd 1.3.2_rc2
proftpd project proftpd 1.3.2

Debian Bug report logs - #516388 proftpd: Several SQL injection vulnerabilities Package: proftpd; Maintainer for proftpd is (unknown); Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Sat, 21 Feb 2009 05:24:01 UTC Severity: grave Tags: security Fixed in version proftpd-dfsg/132-1 Done: "Francesco P Lov ...

The security update for proftpd-dfsg in DSA-1727-1 caused a regression with the postgresql backend This update corrects the flaw Also it was discovered that the oldstable distribution (etch) is not affected by the security issues For reference the original advisory follows Two SQL injection vulnerabilities have been found in proftpd, a virtual- ...

Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0542 Shino discovered that proftpd is prone to an SQL injection vulnerability via the use of certain characters in the username CVE-2009-0543 TJ Saunde ...

source: wwwsecurityfocuscom/bid/33722/info ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database Thi ...

Just found out a problem with proftpd's sql authentication The problem is easily reproducible if you login with username like: USER %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; -- and a password of "1" (without quotes) which leads to a successful login Different account logins can be made successful using the limit clase (e ...

CWE-89 http://bugs.proftpd.org/show_bug.cgi?id=3180 http://www.openwall.com/lists/oss-security/2009/02/11/3 http://www.openwall.com/lists/oss-security/2009/02/11/5 http://www.openwall.com/lists/oss-security/2009/02/11/1 http://www.mandriva.com/security/advisories?name=MDVSA-2009:061 http://security.gentoo.org/glsa/glsa-200903-27.xml http://secunia.com/advisories/34268 http://www.debian.org/security/2009/dsa-1730 https://www.exploit-db.com/exploits/8037 http://www.securityfocus.com/archive/1/500852/100/0/threaded http://www.securityfocus.com/archive/1/500851/100/0/threaded http://www.securityfocus.com/archive/1/500833/100/0/threaded http://www.securityfocus.com/archive/1/500823/100/0/threaded https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516388 https://www.exploit-db.com/exploits/32798/https://www.debian.org/security/./dsa-1730

CVE-2009-0542

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect