Executive Summary
| Summary | |
|---|---|
| Title | New proftpd packages fix SQL injection |
| Informations | |||
|---|---|---|---|
| Name | DSA-338 | First vendor Publication | 2003-06-29 |
| Vendor | Debian | Last vendor Modification | 2003-06-29 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| runlevel [runlevel@raregazz.org] reported that ProFTPD's PostgreSQL authentication module is vulnerable to a SQL injection attack. This vulnerability could be exploited by a remote, unauthenticated attacker to execute arbitrary SQL statements, potentially exposing the passwords of other users, or to connect to ProFTPD as an arbitrary user without supplying the correct password. For the stable distribution (woody) this problem has been fixed in version 1.2.4+1.2.5rc1-5woody2. For the unstable distribution (sid) this problem has been fixed in version 1.2.8-8. We recommend that you update your proftpd package. |
Original Source
| Url : http://www.debian.org/security/2003/dsa-338 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 338-1 (x-face-el) File : nvt/deb_338_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 340-1 (x-face-el) File : nvt/deb_340_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 9507 | PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQ... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-338.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-340.nasl - Type : ACT_GATHER_INFO |
| 2003-06-19 | Name : It may be possible to read or modify arbitrary files on the remote server. File : proftpd_pgsql_insertion.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:32:44 |
|
