
proftpd-dfsg: SQL injection vulnerability

Package(s): proftpd-dfsg
CVE #(s): CVE-2009-0542 CVE-2009-0543
Created: February 26, 2009
Updated: September 24, 2009
Description: proftpd-dfsg has two SQL injection vulnerabilities. From the Debian alert:

CVE-2009-0542 Shino discovered that proftpd is prone to an SQL injection vulnerability via the use of certain characters in the username.

CVE-2009-0543 TJ Saunders discovered that proftpd is prone to an SQL injection vulnerability due to insufficient escaping mechanisms, when multibyte character encodings are used.

Alerts:
Fedora FEDORA-2009-9386 2009-09-09
Gentoo 200903-27 2009-03-12
Debian DSA-1730-1 2009-03-02
Mandriva MDVSA-2009:061 2009-02-27
Debian DSA-1727-1 2009-02-26
