
Gentoo: 200306-10 Urgent: ProFTPD SQL Injection Risk Due to Remote Access

June 27, 2003
A vulnerability in ProFTPD may permit unauthorized intrusion without the requisite authentication. It is strongly recommended that all Gentoo users execute an upgrade immediately.
A SQL injection vulnerability exists in the ProFTPD server when the mod_sql module is used to authenticate against a PostgreSQL database server.

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200306-10


from advisory:
"A SQL Inject exists in ProFTPD server using the mod_sql module to authenticate against PostgreSQL database server. This vulnerability may allow a remote user to login without user and password."
Read the full advisory at http://marc.theaimsgroup.com/?l=full-disclosure&m=105597431408016&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running net-ftp/proftpd upgrade to proftpd-1.2.9_rc1 as follows:

emerge sync
emerge proftpd
emerge clean
aliz@gentoo.org - GnuPG key is available at


Severity
critical

PACKAGE : proftpd
SUMMARY : sql injection
DATE : 2003-06-25 21:48 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =proftpd-1.2.9_rc1
CVE :
