oval:org.mitre.oval:def:7391
Definition Id: oval:org.mitre.oval:def:7391 | |||
Oval ID: | oval:org.mitre.oval:def:7391 | ||
Title: | DSA-1730 proftpd-dfsg -- SQL injection vulnerabilities | ||
Description: | The security update for proftpd-dfsg in DSA-1727-1 caused a regression with the postgresql backend. This update corrects the flaw. Also it was discovered that the oldstable distribution (etch) is not affected by the security issues. For reference the original advisory follows. Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures project identifies the following problems: Shino discovered that proftpd is prone to an SQL injection vulnerability via the use of certain characters in the username. TJ Saunders discovered that proftpd is prone to an SQL injection vulnerability due to insufficient escaping mechanisms, when multybite character encodings are used. The oldstable distribution (etch) is not affected by these problems. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1730 CVE-2009-0542 CVE-2009-0543 | Version: | 4 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | proftpd-dfsg |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6513 | |||
Oval ID: | oval:org.mitre.oval:def:6513 | ||
Title: | Debian GNU/Linux 5.0 is installed | ||
Description: | Debian GNU/Linux 5.0 (lenny) is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:debian:debian_gnu/linux:5.0 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:7391 |