oss-sec mailing list archives
Re: CVE request for proftpd
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 12 Feb 2009 10:45:25 -0500 (EST)
======================================================
Name: CVE-2009-0542
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0542
Reference: BUGTRAQ:20090210 Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500823/100/0/threaded
Reference: BUGTRAQ:20090210 ProFTPd with mod_mysql Authentication Bypass Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500851/100/0/threaded
Reference: BUGTRAQ:20090210 Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500833/100/0/threaded
Reference: BUGTRAQ:20090211 Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500852/100/0/threaded
Reference: MILW0RM:8037
Reference: URL:http://www.milw0rm.com/exploits/8037
Reference: MLIST:[oss-security] 20090211 CVE request for proftpd
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/11/1
Reference: MLIST:[oss-security] 20090211 Re: CVE request for proftpd
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/11/5
Reference: MLIST:[oss-security] 20090211 Re: CVE request for proftpd
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/11/3
Reference: CONFIRM:http://bugs.proftpd.org/show_bug.cgi?id=3180

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2
allows remote attackers to execute arbitrary SQL commands via a "%"
(percent) character in the username, which introduces a "'" (single
quote) character during variable substitution by mod_sql.

======================================================
Name: CVE-2009-0543
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0543
Reference: MLIST:[oss-security] 20090211 CVE request for proftpd
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/11/4
Reference: MLIST:[oss-security] 20090211 Re: CVE request for proftpd
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/11/5
Reference: CONFIRM:http://bugs.proftpd.org/show_bug.cgi?id=3173

ProFTPD Server 1.3.1, with NLS support enabled, allows remote
attackers to bypass SQL injection protection mechanisms via invalid,
encoded multibyte characters, which are not properly handled in (1)
mod_sql_mysql and (2) mod_sql_postgres.