Two vulnerabilities in ProFTPD might allow for SQL injection attacks.
|Package||net-ftp/proftpd on all architectures|
|Affected versions||< 1.3.2|
|Unaffected versions||>= 1.3.2|
ProFTPD is an advanced and very configurable FTP server.
The following vulnerabilities were reported:
A remote attacker could send specially crafted requests to the server, possibly resulting in the execution of arbitrary SQL statements.
There is no known workaround at this time.
All ProFTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.2"
March 12, 2009
March 12, 2009: 01