Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-4652 | First vendor Publication | 2011-02-01 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4652 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-11-21 | Name : Fedora Update for proftpd FEDORA-2011-15741 File : nvt/gb_fedora_2011_15741_proftpd_fc14.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2191-1 (proftpd-dfsg) File : nvt/deb_2191_1.nasl |
| 2011-04-21 | Name : Fedora Update for proftpd FEDORA-2011-5033 File : nvt/gb_fedora_2011_5033_proftpd_fc13.nasl |
| 2011-04-21 | Name : Fedora Update for proftpd FEDORA-2011-5040 File : nvt/gb_fedora_2011_5040_proftpd_fc14.nasl |
| 2011-02-11 | Name : Mandriva Update for proftpd MDVSA-2011:023 (proftpd) File : nvt/gb_mandriva_MDVSA_2011_023.nasl |
| 2011-01-31 | Name : Fedora Update for proftpd FEDORA-2011-0610 File : nvt/gb_fedora_2011_0610_proftpd_fc14.nasl |
| 2011-01-31 | Name : Fedora Update for proftpd FEDORA-2011-0613 File : nvt/gb_fedora_2011_0613_proftpd_fc13.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 70782 | ProFTPD contrib/mod_sql.c sql_prepare_where Function Crafted Username Handlin... ProFTPD is prone to an overflow condition. The 'sql_prepare_where' function, contrib/mod_sql.c, fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted username containing substitution tags, a remote attacker can potentially execute arbitrary code. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-15.nasl - Type : ACT_GATHER_INFO |
| 2011-03-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2191.nasl - Type : ACT_GATHER_INFO |
| 2011-02-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-023.nasl - Type : ACT_GATHER_INFO |
| 2011-01-31 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0610.nasl - Type : ACT_GATHER_INFO |
| 2011-01-31 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0613.nasl - Type : ACT_GATHER_INFO |
| 2010-12-23 | Name : The remote FTP server is affected by a heap-based buffer overflow vulnerability. File : proftpd_1_3_3d.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:06:14 |
|
| 2024-11-28 12:23:55 |
|
| 2021-05-05 01:07:49 |
|
| 2021-05-04 12:13:15 |
|
| 2021-04-22 01:13:40 |
|
| 2020-05-24 01:07:09 |
|
| 2020-05-23 01:43:14 |
|
| 2020-05-23 00:27:07 |
|
| 2014-02-17 10:59:05 |
|
| 2013-05-10 23:39:07 |
|
