Vulnerability Name: CVE-2010-4652 (CCN-63407)

Assigned: 2010-11-17
Published: 2010-11-17
Updated: 2011-03-18
Summary: Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MISC
Type: Exploit, Patch
http://bugs.proftpd.org/show_bug.cgi?id=3536

Source: MITRE
Type: CNA
CVE-2010-4652

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-0613

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-0610

Source: CCN
Type: Phrack Magazine, Volume 0x0e, Issue 0x43, Phile #0x07 of 0x10
ProFTPD with mod_sql pre-authentication, remote root

Source: MISC
Type: UNKNOWN
http://phrack.org/issues.html?issue=67&id=7#article

Source: CONFIRM
Type: UNKNOWN
http://proftpd.org/docs/RELEASE_NOTES-1.3.3d

Source: DEBIAN
Type: UNKNOWN
DSA-2191

Source: DEBIAN
Type: DSA-2191
proftpd-dfsg -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:023

Source: CCN
Type: OSVDB ID: 70782
ProFTPD contrib/mod_sql.c sql_prepare_where Function Crafted Username Handling Remote Overflow

Source: CCN
Type: ProFTPD Web site
ProFTPD - Highly configurable GPL-licensed FTP server software

Source: BID
Type: UNKNOWN
44933

Source: CCN
Type: BID-44933
ProFTPD 'mod_sql' Remote Heap Based Buffer Overflow Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2011-0248

Source: VUPEN
Type: UNKNOWN
ADV-2011-0331

Source: CONFIRM
Type: Exploit, Patch
https://bugzilla.redhat.com/show_bug.cgi?id=670170

Source: XF
Type: UNKNOWN
proftpd-modsql-bo(63407)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:proftpd:proftpd:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:pre10:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:pre9:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.5:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.5:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.6:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.7:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.7:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.7:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.8:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.8:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.9:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.9:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.9:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.10:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.10:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.10:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:a:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.1:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.1:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:a:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:b:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:c:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:d:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:e:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc4:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:a:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:b:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:*:c:*:*:*:*:*:* (Version <= 1.3.3)
  • OR cpe:/a:proftpd:proftpd:1.3.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:rc4:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:proftpd:proftpd:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc4:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:12739 | P | DSA-2191-1 proftpd-dfsg -- several | 2014-06-23
oval:com.ubuntu.precise:def:20104652000 | V | CVE-2010-4652 on Ubuntu 12.04 LTS (precise) - medium. | 2011-02-01