Debian: proftpd SQL injection vulnerability

    Date: 01 Jul 2003
    Category: Debian
    Posted By: LinuxSecurity Advisories
    ProFTPD's PostgreSQL authentication module is vulnerable to a SQL injection attack.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 338-1
    http://www.debian.org/security/                             Matt Zimmerman
    June 29th, 2003                          http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : proftpd
    Vulnerability  : SQL injection
    Problem-Type   : remote
    Debian-specific: no
    
    runlevel reported that ProFTPD's PostgreSQL
    authentication module is vulnerable to a SQL injection attack.  This
    vulnerability could be exploited by a remote, unauthenticated attacker
    to execute arbitrary SQL statements, potentially exposing the
    passwords of other users, or to connect to ProFTPD as an arbitrary
    user without supplying the correct password.
    
    For the stable distribution (woody) this problem has been fixed in
    version 1.2.4+1.2.5rc1-5woody2.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.2.8-8.
    
    We recommend that you update your proftpd package.
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2.dsc
          Size/MD5 checksum:      727 b6bbf1fb682f160da85672afbd8cf848
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2.tar.gz
          Size/MD5 checksum:   699016 bf322cedf80a02c936c9d4eda74131fc
    
      Architecture independent components:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.4+1.2.5rc1-5woody2_all.deb
          Size/MD5 checksum:   281414 bc39191f1cfde5d1c3db3a0529da589f
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_alpha.deb
          Size/MD5 checksum:   205806 1fbcc7216485db7f69d01658a4694d14
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_alpha.deb
          Size/MD5 checksum:   107888 7d85d92a95bde52c601dd4da25640a39
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_alpha.deb
          Size/MD5 checksum:   216044 09a1bf535c009e48d7005249c57f5815
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_alpha.deb
          Size/MD5 checksum:   228806 272b734be4a08a6f8b84a8d15fab57ea
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_alpha.deb
          Size/MD5 checksum:   228494 3dd63c4b61b15ff8ec6768ec070efa6f
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_arm.deb
          Size/MD5 checksum:   172962 c17bac8e5ebd35c82d29bbd84cd06d93
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_arm.deb
          Size/MD5 checksum:    92170 dc5d6535ce88e8f1825a7f737a1f4abc
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_arm.deb
          Size/MD5 checksum:   181486 90cfca9474481183bbbdb935299e404e
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_arm.deb
          Size/MD5 checksum:   191796 78de889768d52230373761722d98e7fb
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_arm.deb
          Size/MD5 checksum:   191710 27855567b8aa1d1afead2260d6e0d2dd
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_i386.deb
          Size/MD5 checksum:   159930 4061d5de926d8d180885ec88d8040ea5
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_i386.deb
          Size/MD5 checksum:    90388 7b0bd6058b1c90b5fc04cf436f8090a8
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_i386.deb
          Size/MD5 checksum:   167316 1c4c0d342c345f0a603dc86e85047f4d
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_i386.deb
          Size/MD5 checksum:   177320 aa31ecfee263f9be5971462998e3267f
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_i386.deb
          Size/MD5 checksum:   177272 7d01955741d26cb234f126eb9656a262
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_ia64.deb
          Size/MD5 checksum:   260888 b8abfb2497ed8bfff3b053992d9146db
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_ia64.deb
          Size/MD5 checksum:   117100 4252bf31de41b04deaecba2a35d52dbf
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_ia64.deb
          Size/MD5 checksum:   273580 b195fc7455460dbbf1921c44160e83ff
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_ia64.deb
          Size/MD5 checksum:   292188 9548dad81719b86056f68575f3dc765b
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_ia64.deb
          Size/MD5 checksum:   292012 2afd30e0551a7a7ab9e5e4250ea8c8ab
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_hppa.deb
          Size/MD5 checksum:   199520 e9eec622d3574d67e161856fcfbaaa7e
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_hppa.deb
          Size/MD5 checksum:    94904 7598c44f2640d88ec5b1c1811ad9ee8a
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_hppa.deb
          Size/MD5 checksum:   209376 8656557f182a5ec635804229e4c24f9f
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_hppa.deb
          Size/MD5 checksum:   221864 7d02a0f2cd73438a2a155b35b0b87a5b
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_hppa.deb
          Size/MD5 checksum:   221692 7e28806db27cd450e0828cbe5b15e679
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_m68k.deb
          Size/MD5 checksum:   152734 e29c4c29549b404cad7ece71a235a97f
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_m68k.deb
          Size/MD5 checksum:    90916 d524e287cf50ac8d65b1745efd8f1eb5
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_m68k.deb
          Size/MD5 checksum:   159070 17d172d022c893fb21a465977efb67aa
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_m68k.deb
          Size/MD5 checksum:   168186 ba776d7a211d6c0811dfa4cfff8103d4
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_m68k.deb
          Size/MD5 checksum:   168046 f539d7bb416b0a77af9b329fbb40bbdc
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_mips.deb
          Size/MD5 checksum:   184406 0cc53970e72ee6daa257e099bd393184
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_mips.deb
          Size/MD5 checksum:   103850 ab961f36d185f71be8560e413e0acd02
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_mips.deb
          Size/MD5 checksum:   192328 d62da22de9d68ee61499686b99ef5162
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_mips.deb
          Size/MD5 checksum:   203184 019e94b09e5ec82f858d39ccdfb98a9f
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_mips.deb
          Size/MD5 checksum:   203062 187050f5af48a2f42e9f088ac873a18d
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_mipsel.deb
          Size/MD5 checksum:   185138 0ee63b58bb101dec2a6aa2c4a0c9db24
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_mipsel.deb
          Size/MD5 checksum:   103716 bc85d55e05a8080679e1db79025438ec
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_mipsel.deb
          Size/MD5 checksum:   192940 74169ef6f060184df30a5c4d40f202c2
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_mipsel.deb
          Size/MD5 checksum:   203962 8cf7f74f563d8545bfe1ff7315e22272
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_mipsel.deb
          Size/MD5 checksum:   203786 a0314a061652ad0efaa0f8e2d7964825
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_powerpc.deb
          Size/MD5 checksum:   175390 7e5c0ec43d7ca73ca4bf1f22a68fc137
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_powerpc.deb
          Size/MD5 checksum:    93304 d2ba0c7e16981d7ee13e0531fd1002e7
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_powerpc.deb
          Size/MD5 checksum:   183158 2ec2ebe5e3d681183540365fae46ba00
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_powerpc.deb
          Size/MD5 checksum:   193426 a919d347d1b8cb6e1989d679482cac7e
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_powerpc.deb
          Size/MD5 checksum:   193304 59b9f59189145e3143e59711bbc1631b
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_s390.deb
          Size/MD5 checksum:   166080 45b72cea50f10fc210eea80549988ade
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_s390.deb
          Size/MD5 checksum:    92152 2bdf3ffa8421b87927e84d51c033cbac
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_s390.deb
          Size/MD5 checksum:   173954 ce047bfc41b52cd69eb2a06f7f0d772c
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_s390.deb
          Size/MD5 checksum:   183348 44ff5a18066e9279073fec7f9f1effa9
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_s390.deb
          Size/MD5 checksum:   183202 7e7a3ce1e040716124e49d25ddbceab5
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_sparc.deb
          Size/MD5 checksum:   169568 74ef415c3b9191d26ca260d4b5f9f14d
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_sparc.deb
          Size/MD5 checksum:    92694 7cb9eb15c256582ebbe4ee2074633c19
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_sparc.deb
          Size/MD5 checksum:   177790 d0d1a7140862d474bf362c11ea7c9a6a
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_sparc.deb
          Size/MD5 checksum:   188380 9d6a93e06664f40d40c1c5f342af2680
         http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_sparc.deb
          Size/MD5 checksum:   188210 bab4d525c2d5498efdc4fc936a9fc684
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    