Linux Security
    Linux Security
    Linux Security

    Debian: proftpd SQL injection vulnerability

    Posted By
    ProFTPD's PostgreSQL authentication module is vulnerable to a SQL injection attack.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 338-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Matt Zimmerman
    June 29th, 2003                
    - --------------------------------------------------------------------------
    Package        : proftpd
    Vulnerability  : SQL injection
    Problem-Type   : remote
    Debian-specific: no
    runlevel [This email address is being protected from spambots. You need JavaScript enabled to view it.] reported that ProFTPD's PostgreSQL
    authentication module is vulnerable to a SQL injection attack.  This
    vulnerability could be exploited by a remote, unauthenticated attacker
    to execute arbitrary SQL statements, potentially exposing the
    passwords of other users, or to connect to ProFTPD as an arbitrary
    user without supplying the correct password.
    For the stable distribution (woody) this problem has been fixed in
    version 1.2.4+1.2.5rc1-5woody2.
    For the unstable distribution (sid) this problem has been fixed in
    version 1.2.8-8.
    We recommend that you update your proftpd package.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      727 b6bbf1fb682f160da85672afbd8cf848
          Size/MD5 checksum:   699016 bf322cedf80a02c936c9d4eda74131fc
      Architecture independent components:
          Size/MD5 checksum:   281414 bc39191f1cfde5d1c3db3a0529da589f
      Alpha architecture:
          Size/MD5 checksum:   205806 1fbcc7216485db7f69d01658a4694d14
          Size/MD5 checksum:   107888 7d85d92a95bde52c601dd4da25640a39
          Size/MD5 checksum:   216044 09a1bf535c009e48d7005249c57f5815
          Size/MD5 checksum:   228806 272b734be4a08a6f8b84a8d15fab57ea
          Size/MD5 checksum:   228494 3dd63c4b61b15ff8ec6768ec070efa6f
      ARM architecture:
          Size/MD5 checksum:   172962 c17bac8e5ebd35c82d29bbd84cd06d93
          Size/MD5 checksum:    92170 dc5d6535ce88e8f1825a7f737a1f4abc
          Size/MD5 checksum:   181486 90cfca9474481183bbbdb935299e404e
          Size/MD5 checksum:   191796 78de889768d52230373761722d98e7fb
          Size/MD5 checksum:   191710 27855567b8aa1d1afead2260d6e0d2dd
      Intel IA-32 architecture:
          Size/MD5 checksum:   159930 4061d5de926d8d180885ec88d8040ea5
          Size/MD5 checksum:    90388 7b0bd6058b1c90b5fc04cf436f8090a8
          Size/MD5 checksum:   167316 1c4c0d342c345f0a603dc86e85047f4d
          Size/MD5 checksum:   177320 aa31ecfee263f9be5971462998e3267f
          Size/MD5 checksum:   177272 7d01955741d26cb234f126eb9656a262
      Intel IA-64 architecture:
          Size/MD5 checksum:   260888 b8abfb2497ed8bfff3b053992d9146db
          Size/MD5 checksum:   117100 4252bf31de41b04deaecba2a35d52dbf
          Size/MD5 checksum:   273580 b195fc7455460dbbf1921c44160e83ff
          Size/MD5 checksum:   292188 9548dad81719b86056f68575f3dc765b
          Size/MD5 checksum:   292012 2afd30e0551a7a7ab9e5e4250ea8c8ab
      HP Precision architecture:
          Size/MD5 checksum:   199520 e9eec622d3574d67e161856fcfbaaa7e
          Size/MD5 checksum:    94904 7598c44f2640d88ec5b1c1811ad9ee8a
          Size/MD5 checksum:   209376 8656557f182a5ec635804229e4c24f9f
          Size/MD5 checksum:   221864 7d02a0f2cd73438a2a155b35b0b87a5b
          Size/MD5 checksum:   221692 7e28806db27cd450e0828cbe5b15e679
      Motorola 680x0 architecture:
          Size/MD5 checksum:   152734 e29c4c29549b404cad7ece71a235a97f
          Size/MD5 checksum:    90916 d524e287cf50ac8d65b1745efd8f1eb5
          Size/MD5 checksum:   159070 17d172d022c893fb21a465977efb67aa
          Size/MD5 checksum:   168186 ba776d7a211d6c0811dfa4cfff8103d4
          Size/MD5 checksum:   168046 f539d7bb416b0a77af9b329fbb40bbdc
      Big endian MIPS architecture:
          Size/MD5 checksum:   184406 0cc53970e72ee6daa257e099bd393184
          Size/MD5 checksum:   103850 ab961f36d185f71be8560e413e0acd02
          Size/MD5 checksum:   192328 d62da22de9d68ee61499686b99ef5162
          Size/MD5 checksum:   203184 019e94b09e5ec82f858d39ccdfb98a9f
          Size/MD5 checksum:   203062 187050f5af48a2f42e9f088ac873a18d
      Little endian MIPS architecture:
          Size/MD5 checksum:   185138 0ee63b58bb101dec2a6aa2c4a0c9db24
          Size/MD5 checksum:   103716 bc85d55e05a8080679e1db79025438ec
          Size/MD5 checksum:   192940 74169ef6f060184df30a5c4d40f202c2
          Size/MD5 checksum:   203962 8cf7f74f563d8545bfe1ff7315e22272
          Size/MD5 checksum:   203786 a0314a061652ad0efaa0f8e2d7964825
      PowerPC architecture:
          Size/MD5 checksum:   175390 7e5c0ec43d7ca73ca4bf1f22a68fc137
          Size/MD5 checksum:    93304 d2ba0c7e16981d7ee13e0531fd1002e7
          Size/MD5 checksum:   183158 2ec2ebe5e3d681183540365fae46ba00
          Size/MD5 checksum:   193426 a919d347d1b8cb6e1989d679482cac7e
          Size/MD5 checksum:   193304 59b9f59189145e3143e59711bbc1631b
      IBM S/390 architecture:
          Size/MD5 checksum:   166080 45b72cea50f10fc210eea80549988ade
          Size/MD5 checksum:    92152 2bdf3ffa8421b87927e84d51c033cbac
          Size/MD5 checksum:   173954 ce047bfc41b52cd69eb2a06f7f0d772c
          Size/MD5 checksum:   183348 44ff5a18066e9279073fec7f9f1effa9
          Size/MD5 checksum:   183202 7e7a3ce1e040716124e49d25ddbceab5
      Sun Sparc architecture:
          Size/MD5 checksum:   169568 74ef415c3b9191d26ca260d4b5f9f14d
          Size/MD5 checksum:    92694 7cb9eb15c256582ebbe4ee2074633c19
          Size/MD5 checksum:   177790 d0d1a7140862d474bf362c11ea7c9a6a
          Size/MD5 checksum:   188380 9d6a93e06664f40d40c1c5f342af2680
          Size/MD5 checksum:   188210 bab4d525c2d5498efdc4fc936a9fc684
      These files will probably be moved into the stable distribution on
      its next revision.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    Which aspect of server security are you most interested in learning more about?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"131","title":"Preventing information leakage","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"132","title":"Firewall considerations","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"133","title":"Permissions ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.