Oval Definition:oval:org.mitre.oval:def:7963
Revision Date:2014-06-23Version:18
Title:DSA-1727 proftpd-dfsg -- SQL injection vulnerabilities
Description:Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures project identifies the following problems: Shino discovered that proftpd is prone to an SQL injection vulnerability via the use of certain characters in the username. TJ Saunders discovered that proftpd is prone to an SQL injection vulnerability due to insufficient escaping mechanisms, when multybite character encodings are used.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-0542
CVE-2009-0543
DSA-1727
Platform(s):Debian GNU/Linux 5.0
Product(s):proftpd-dfsg
Definition Synopsis
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • proftpd is earlier than 1.3.1-17lenny1
  • OR proftpd-doc is earlier than 1.3.1-17lenny1
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is powerpc
  • OR Installed architecture is i386
  • OR Installed architecture is ia64
  • OR Installed architecture is mips
  • OR Installed architecture is mipsel
  • OR Installed architecture is arm
  • AND Packages section
  • proftpd-mod-mysql is earlier than 1.3.1-17lenny1
  • OR proftpd-mod-pgsql is earlier than 1.3.1-17lenny1
  • OR proftpd-mod-ldap is earlier than 1.3.1-17lenny1
  • OR proftpd-basic is earlier than 1.3.1-17lenny1
  • BACK